12 matches found
CVE-2026-2035
Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...
CVE-2026-2035
Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...
CVE-2026-2035
Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...
CVE-2026-2035 Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability
Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...
CVE-2019-25368
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diagbackup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDriveGDriveEmail, GDriveGDriveFolderID, GDriveGDriveBackupCount, Nextcloudurl, Nextclouduser,...
CVE-2019-25368
OPNsense 19.1 contains cross-site scripting vulnerabilities in the diag_backup.php endpoint. The issue allows injection of malicious scripts via multiple parameters (e.g., GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud_password, Nextc...
CVE-2019-25368
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diagbackup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDriveGDriveEmail, GDriveGDriveFolderID, GDriveGDriveBackupCount, Nextcloudurl, Nextclouduser,...
PT-2026-8240
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive GDriveEmail, GDrive GDriveFolderID, GDrive GDriveBackupCount, Nextcloud url, Nextcloud user, Nextcloud...
Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of backup configuration files. The issue results from the lack of...
CVE-2025-13698
Deciso OPNsense diagbackup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific fl...
PT-2023-26727 · Opnsense · Opnsense Community Edition +1
Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: A command injection issue in the diag backup.php component allows attackers to execute arbitrary commands via a crafted backup...
pfSense Firewall Cross-Site Request Forgery Vulnerability
pfSense is a free, open-source customized version of FreeBSD designed for use as a firewall and router. pfSense suffers from a cross-site request forgery vulnerability. diagbackup.php does not validate all functions sufficiently. Allows an attacker to upload malicious files...