CVE-2005-2847

EXPLOITED

Barracuda Spam Firewall <3.1.17 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2005-2847 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Metasploit, including a Metasploit module exploits/unix/webapp/barracuda_img_exec.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in Barracuda Spam Firewall's img.pl CGI script to achieve remote command execution. It sends a crafted HTTP request with a malicious 'f' parameter to execute arbitrary commands.

Description

img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappscgi
https://www.exploit-db.com/exploits/16893

This Metasploit module exploits a directory traversal vulnerability in Barracuda Spam Firewall's img.pl CGI script to achieve remote command execution. It sends a crafted HTTP request with a malicious 'f' parameter to execute arbitrary commands.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Barracuda Spam Firewall < 3.1.18
No auth needed
Prerequisites: Network access to the target · Vulnerable version of Barracuda Spam Firewall
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
webappscgi
https://www.exploit-db.com/exploits/1236

This Metasploit module exploits a command injection vulnerability in Barracuda Spam Firewall's img.pl script by manipulating the 'f' parameter to execute arbitrary commands via shell metacharacters. The exploit sends a crafted HTTP GET request to trigger the vulnerability and includes a check function to verify target susceptibility.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Barracuda Spam Firewall (versions prior to 3.1.18)
No auth needed
Prerequisites: Network access to the target's img.pl script (typically on port 8000) · Target running vulnerable Barracuda Spam Firewall version
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/barracuda_img_exec.rb

This Metasploit module exploits a directory traversal vulnerability in Barracuda Spam Firewall's img.pl CGI script to achieve remote command execution. It sends a crafted HTTP request with a malicious path to execute arbitrary commands on the target system.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Barracuda Spam Firewall appliance versions prior to 3.1.18
No auth needed
Prerequisites: Network access to the target's CGI interface · Vulnerable version of Barracuda Spam Firewall
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14712
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_sectrack
http://www.securitytracker.com/alerts/2005/Sep/1014837.html
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16683/
Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112560044813390&w=2

Scores

EPSS 0.8705
EPSS Percentile 99.5%

Details

VulnCheck KEV 2020-12-01
Status published
Products (2)
barracuda_networks/barracuda_spam_firewall 3.1.16
barracuda_networks/barracuda_spam_firewall 3.1.17
Published Sep 08, 2005
Tracked Since Feb 18, 2026