4 matches found
pfSense 2.4.4-p3 Cross Site Request Forgery
Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery Date: 2019-09-27 Exploit Author: ghostfh Vendor Homepage: https://www.pfsense.org/ Software Link: https://www.pfsense.org/download/index.html?section=downloads Version: Till 2.4.4-p3 Tested on: freebsd CVE : CVE-2019-16667 Vulnerability...
pfSense 2.4.4-p3 - Cross-Site Request Forgery
Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery Date: 2019-09-27 Exploit Author: ghostfh Vendor Homepage: https://www.pfsense.org/ Software Link: https://www.pfsense.org/download/index.html?section=downloads Version: Till 2.4.4-p3 Tested on: freebsd CVE : CVE-2019-16667 Vulnerability...
CVE-2019-16667
diagcommand.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrfcallback produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing...
CVE-2019-16667
pfSense 2.4.4-p3 is affected by a Cross‑Site Request Forgery vulnerability in diag_command.php. The issue allows CSRF via the txtCommand or txtRecallBuffer fields, with evidence describing exploitation as OS commands being executed due to csrf_callback() returning a “CSRF token expired” error and...