CVE-2025-34311 | IPFire up to 2.28 POST calamaris.dat os command injection

A vulnerability classified as critical was found in IPFire up to 2.28. This affects an unknown part of the file /cgi-bin/logs.cgi/calamaris.dat of the component POST Handler. The manipulation of the argument DAY_BEGIN/MONTH_BEGIN/YEAR_BEGIN/DAY_END/MONTH_END/YEAR_END/NUM_DOMAINS/PERF_INTERVAL/NUM_CONTENT/HIST_LEVEL/NUM_HOSTS/NUM_URLS/BYTE_UNIT results in os command injection.

This vulnerability was named CVE-2025-34311. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is advised.VulDB Recent EntriesRead More