IPFire Firewall Web Interface Command Injection (CVE-2018-16232)

A command injection vulnerability exists in the web interface of IPFire firewall. The vulnerability is due to improper validation of user-supplied requests in the backup.cgi script. Successful exploitation could lead to arbitrary command injection as the nobody user.

You can read the full article here.