2 matches found
CVE-2018-16055
An authenticated command injection vulnerability exists in statusinterfaces.php via dhcprelinquishlease in pfSense before 2.4.4 due to its passing user input from the $POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGU...
Command injection
An authenticated command injection vulnerability exists in statusinterfaces.php via dhcprelinquishlease in pfSense before 2.4.4 due to its passing user input from the $POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGU...