NextGuard
UNKNOWNCVE-2026-34794

Endian Firewall /cgi-bin/logs_ids.cgi DATE Perl Command Injection

Platform

perl

Component

endian-firewall

View on NVD

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.

How to fix

Actualice Endian Firewall a una versión posterior a la 3.3.25 para corregir la vulnerabilidad de inyección de comandos. Consulte el sitio web del proveedor para obtener instrucciones sobre cómo actualizar su sistema.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
CVE-2026-34794 — Vulnerability Details | NextGuard | NextGuard