Arbitrary Code Execution in IPCop Firewall via iptablesgui.cgi

CVE-2013-7418 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability.

Learn more about our User Device Pen Test.