10 matches found
pfSense v2.7.0 - OS Command Injection Exploit
Exploit Title: pfSense v2.7.0 - OS Command Injection Exploit Author: Emir Polat CVE-ID : CVE-2023-27253 class MetasploitModule 'pfSense Restore RRD Data Command Injection', 'Description' = %q This module exploits an authenticated command injection vulnerabilty in the "restorerrddata" function of...
pfSense v2.7.0 - OS Command Injection
Exploit Title: pfSense v2.7.0 - OS Command Injection Exploit Author: Emir Polat CVE-ID : CVE-2023-27253 class MetasploitModule 'pfSense Restore RRD Data Command Injection', 'Description' = %q This module exploits an authenticated command injection vulnerabilty in the "restorerrddata" function of...
Metasploit Weekly Wrap-Up
Authentication bypass in Wordpress Plugin WooCommerce Payments This week's Metasploit release includes a module for CVE-2023-28121 by h00die. This module can be used against any wordpress instance that uses WooCommerce payments 5.6.1. This module exploits an auth by-pass vulnerability in the...
pfSense Restore RRD Data Command Injection
This module exploits an authenticated command injection vulnerabilty in the "restorerrddata" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup & Restore" privilege to execute arbitrary operating system commands as the "root"...
CVE-2023-27253
creationtimestamp| type| source ---|---|--- 2023-03-18 01:31:52+00:00| seen| https://t.me/cibsecurity/60279 2023-07-12 18:53:26+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/pfsenseconfigdataexec.rb 2025-02-06 03:13:45+00:00| seen|...
CVE-2023-27253
A command injection vulnerability in the function restorerrddata of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml...
CVE-2023-27253
A command injection vulnerability in the function restorerrddata of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml...
CVE-2023-27253
A command injection vulnerability in the function restorerrddata of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml...
CVE-2023-27253
A command injection vulnerability in the function restorerrddata of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml...
CVE-2023-27253
pfSense pfSense v2.7.0 is affected by CVE-2023-27253 through a command injection in restore_rrddata() that lets an authenticated user cause arbitrary OS commands by altering the contents of config.xml. Affected component is the restore_rrddata() function; the vulnerability is exploited via crafte...