3 matches found
CVE-2019-16915
An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization e.g., a basename call for a pathname to filegetcontents or fileputcontents...
pfSense < 2.4.5 Multiple Vulnerabilities
According to its self-reported version number, the remote pfSense install is to 2.4.5. It is, therefore, affected by multiple vulnerabilities, including the following: - In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a...
Unspecified vulnerability in pfSense widgetkey
pfSense is a set of network firewalls based on FreeBSD Linux. In pfSense version 2.4.4-p3, a security vulnerability exists in the widgets/widgets/picture.widget.php file. The vulnerability stems from the use of the widgetkey parameter without filtering, which can be exploited by an attacker to...