4 matches found
CVE-2025-50989
OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint interfacesbridgeedit.php. The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitra...
PT-2025-34873
Name of the Vulnerable Software and Affected Versions: OPNsense version 25.1 Description: OPNsense version 25.1 contains an authenticated command injection issue in the Bridge Interface Edit endpoint interfaces bridge edit.php. The span POST parameter is concatenated into a system-level command...
Deciso OPNsense 操作系统命令注入漏洞
Deciso OPNsense is a suite of FreeBSD-based open source firewall and routing software from Dutch company Deciso. An operating system command injection vulnerability exists in Deciso OPNsense version 25.1, which stems from improper handling of the span parameter in the Bridge Interface Edit...
CVE-2025-50989
OPNsense before 25.1.8 suffers an authenticated command injection in the Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The POST parameter span is concatenated into a system-level command without sanitization, allowing an administrator to inject arbitrary shell commands and payloads...