A remote code execution vulnerability has been reported in the proxy.cgi script of IPFire. The vulnerability is due to insufficient validation of user-supplied input when creating a new web proxy user. A remote, authenticated attacker could exploit this vulnerability by sending maliciously crafted HTTP requests to the target server. Successful exploitation allows the attacker to execute arbitrary code under the security context of a non-privileged user.