Bug #6371

closed

Remote command execution via diag_smart.php

Added by Jim Pingle almost 8 years ago. Updated about 7 years ago.

Status: Resolved
Priority: Very High
Assignee:
Category: Web Interface
Target version:
Start date: 05/19/2016
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.3.1
Affected Architecture:

Description

When action=config and smartmonemail contains a backticked shell command, it is executed on submit. The parameter does have escapeshellarg() but apparently, at least in this case, the backticks are still being executed.

Attacker still needs to work around CSRF and so on.

To me, I have a fix pending.
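
Added example, not part of the original report and not the pfSense fix: one way to reject a value like the `smartmonemail` parameter described above before it can reach any shell, using a strict allowlist rather than relying on quoting alone. The function name and sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example; not pfSense code. validate_notify_email() is a hypothetical helper.

/**
 * Return the address if it consists only of characters that no shell treats
 * specially; otherwise return null so the caller can refuse the submission.
 *
 * Backtick and "$" are legal in an RFC 5322 local part, so an RFC-style
 * "is this an email address" check is not sufficient on its own here.
 */
function validate_notify_email(string $value): ?string
{
    $value = trim($value);
    if ($value === '' || strlen($value) > 254) {
        return null;
    }
    // Allowlist: letters, digits and . _ % + - before the @, a plain host name after it.
    // \A and \z anchor the whole string, so an embedded or trailing newline cannot slip through.
    $pattern = '/\A[A-Za-z0-9._%+-]+@[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/';
    if (!preg_match($pattern, $value)) {
        return null;
    }
    return $value;
}

// Constructed sample inputs: two ordinary addresses and four that must be refused.
$samples = [
    'admin@example.com',
    'ops+smart@mail.example.org',
    '`id`@example.com',
    '$(id)@example.com',
    "a@example.com\nb@example.com",
    'admin@example.com; id',
];

foreach ($samples as $sample) {
    $result = validate_notify_email($sample);
    printf("%-36s %s\n", json_encode($sample), $result === null ? 'rejected' : 'accepted');
}

// A value that passes is still quoted at the point of use, as defence in depth:
// $arg = escapeshellarg($validated);
```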
