CVE-2018-16232

An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.

Published: Oct 17, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-16232
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
ipfire / ipfire	2.17-86_beta1	2.17-86_beta1.x
ipfire / ipfire	2.17-87_rc1	2.17-87_rc1.x
ipfire / ipfire	2.15-76_rc1	2.15-76_rc1.x
ipfire / ipfire	2.15-77_rc1	2.15-77_rc1.x
ipfire / ipfire	2.15-77_rc2	2.15-77_rc2.x
ipfire / ipfire	2.13-rc_1	2.13-rc_1.x
ipfire / ipfire	2.13-rc_2	2.13-rc_2.x
ipfire / ipfire	2.1	2.1.x
ipfire / ipfire	1.49	1.49.x
ipfire / ipfire	2.1-core_update16	2.1-core_update16.x
ipfire / ipfire	2.11-core_update53	2.11-core_update53.x
ipfire / ipfire	2.11-core_update54	2.11-core_update54.x
ipfire / ipfire	2.11-core_update59	2.11-core_update59.x
ipfire / ipfire	2.11-core_update60	2.11-core_update60.x
ipfire / ipfire	2.11-core_update62	2.11-core_update62.x
ipfire / ipfire	2.11-core_update64	2.11-core_update64.x
ipfire / ipfire	2.13-core_update66	2.13-core_update66.x
ipfire / ipfire	2.13-core_update67	2.13-core_update67.x
ipfire / ipfire	2.13-core_update71	2.13-core_update71.x
ipfire / ipfire	2.13-core_update72	2.13-core_update72.x
ipfire / ipfire	2.13-core_update73	2.13-core_update73.x
ipfire / ipfire	2.13-core_update74	2.13-core_update74.x
ipfire / ipfire	2.13-core_update75	2.13-core_update75.x
ipfire / ipfire	2.13-core_update76	2.13-core_update76.x
ipfire / ipfire	2.15-core_update79	2.15-core_update79.x
ipfire / ipfire	2.15-core_update81	2.15-core_update81.x
ipfire / ipfire	2.15-core_update82	2.15-core_update82.x
ipfire / ipfire	2.15-core_update83	2.15-core_update83.x
ipfire / ipfire	2.15-core_update84	2.15-core_update84.x
ipfire / ipfire	2.15-core_update85	2.15-core_update85.x
ipfire / ipfire	2.17-core_update88	2.17-core_update88.x
ipfire / ipfire	2.17-core_update89	2.17-core_update89.x
ipfire / ipfire	2.17-core_update91	2.17-core_update91.x
ipfire / ipfire	2.17-core_update93	2.17-core_update93.x
ipfire / ipfire	2.17-core_update95	2.17-core_update95.x
ipfire / ipfire	2.17-core_update97	2.17-core_update97.x
ipfire / ipfire	2.17-core_update98	2.17-core_update98.x
ipfire / ipfire	2.17-core_update99	2.17-core_update99.x
ipfire / ipfire	2.19-core_update100	2.19-core_update100.x
ipfire / ipfire	2.19-core_update101	2.19-core_update101.x
ipfire / ipfire	2.19-core_update102	2.19-core_update102.x
ipfire / ipfire	2.19-core_update105	2.19-core_update105.x
ipfire / ipfire	2.19-core_update106	2.19-core_update106.x
ipfire / ipfire	2.19-core_update107	2.19-core_update107.x
ipfire / ipfire	2.19-core_update108	2.19-core_update108.x
ipfire / ipfire	2.19-core_update111	2.19-core_update111.x
ipfire / ipfire	2.19-core_update112	2.19-core_update112.x
ipfire / ipfire	2.19-core_update113	2.19-core_update113.x
ipfire / ipfire	2.19-core_update114	2.19-core_update114.x
ipfire / ipfire	2.19-core_update116	2.19-core_update116.x
ipfire / ipfire	2.19-core_update117	2.19-core_update117.x
ipfire / ipfire	2.19-core_update118	2.19-core_update118.x
ipfire / ipfire	2.19-core_update119	2.19-core_update119.x
ipfire / ipfire	2.19-core_update120	2.19-core_update120.x
ipfire / ipfire	2.21-core_update122	2.21-core_update122.x
ipfire / ipfire	2.21-core_update123	2.21-core_update123.x

Vulnerability Database

308,926

CVE-2018-16232

Deep Security Visibility Without the Complexity