Lucene search
K

4 matches found

Packet Storm
Packet Storm
added 2020/07/27 12:0 a.m.276 views

pfSense 2.4.4-p3 Cross Site Request Forgery

Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery Date: 2019-09-27 Exploit Author: ghostfh Vendor Homepage: https://www.pfsense.org/ Software Link: https://www.pfsense.org/download/index.html?section=downloads Version: Till 2.4.4-p3 Tested on: freebsd CVE : CVE-2019-16667 Vulnerability...

6.8CVSS0.5AI score0.54541EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/07/26 12:0 a.m.258 views

pfSense 2.4.4-p3 - Cross-Site Request Forgery

Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery Date: 2019-09-27 Exploit Author: ghostfh Vendor Homepage: https://www.pfsense.org/ Software Link: https://www.pfsense.org/download/index.html?section=downloads Version: Till 2.4.4-p3 Tested on: freebsd CVE : CVE-2019-16667 Vulnerability...

8.8CVSS8.8AI score0.54541EPSS
Exploits4
NVD
NVD
added 2019/09/26 7:15 p.m.28 views

CVE-2019-16667

diagcommand.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrfcallback produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing...

8.8CVSS8.7AI score0.54541EPSS
Exploits4References2
CVE
CVE
added 2019/09/26 6:38 p.m.144 views

CVE-2019-16667

pfSense 2.4.4-p3 is affected by a Cross‑Site Request Forgery vulnerability in diag_command.php. The issue allows CSRF via the txtCommand or txtRecallBuffer fields, with evidence describing exploitation as OS commands being executed due to csrf_callback() returning a “CSRF token expired” error and...

8.8CVSS8.6AI score0.54541EPSS
Exploits4References2Affected Software1
Rows per page
Query Builder