2 matches found
Electric Sheep Fencing pfsense command injection vulnerability
Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A command injection vulnerability exists in the statusinterfaces.php file in Electric Sheep Fencing pfSense versions prior to 2.4.4, which can be exploited by an attack...
CVE-2018-16055
An authenticated command injection vulnerability exists in statusinterfaces.php via dhcprelinquishlease in pfSense before 2.4.4 due to its passing user input from the $POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGU...