CVE-2019-16915
pfSense up to 2.4.4-p3 is affected by a vulnerability in widgets/widgets/picture.widget.php where the widgetkey parameter is used directly (e.g., via basename) to construct a pathname for file_get_contents or file_put_contents without proper sanitization. This enables unrestricted access to local...