IPFire versions prior to 2.19 Update Core 101 suffer from cross site request forgery, cross site scripting, and remote command execution vulnerabilities.