CVE-2025-50974

{"id": "CVE-2025-50974", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-08-26T17:15:38.490", "references": [{"url": "https://github.com/4rdr/proofs/blob/main/info/IPFire-2.29-Command-Injection.md", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of the following parameters BYTE_UNIT, DAY_BEGIN, DAY_END, HIST_LEVEL, MONTH_BEGIN, MONTH_END, NUM_CONTENT, NUM_DOMAINS, NUM_HOSTS, NUM_URLS, PERF_INTERVAL, YEAR_BEGIN, YEAR_END."}, {"lang": "es", "value": "El CGI del exportador de registros de Calamaris (/cgi-bin/logs.cgi/calamaris.dat) en IPFire 2.29 no depura correctamente la entrada proporcionada por el usuario antes de incorporar valores de par\u00e1metros en un comando de shell. Un atacante remoto no autenticado puede inyectar comandos arbitrarios del sistema operativo incrustando metacaracteres de shell en cualquiera de los siguientes par\u00e1metros: BYTE_UNIT, DAY_BEGIN, DAY_END, HIST_LEVEL, MONTH_BEGIN, MONTH_END, NUM_CONTENT, NUM_DOMAINS, NUM_HOSTS, NUM_URLS, PERF_INTERVAL, YEAR_BEGIN, YEAR_END."}], "lastModified": "2025-09-09T18:56:04.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ipfire:ipfire:2.29:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B9439E2-21E1-4248-AC20-0F7EDC356ABC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}