Bug #9731
Closed: Path Traversal vulnerability in picture widget
Start date: 09/06/2019
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:
Description
Vulnerability Description: The `pfSense` firewall is vulnerable to Remote Code Execution due to a `Path Traversal vulnerability`. The file `picture.widget.php` improperly handles `path traversal characters` when uploading an image.
An authenticated remote attacker can exploit this vulnerability by changing the upload file name to include traversal characters such as (../) and by replacing the image content with PHP code, along with a valid image header (GIF89a).
Updated by Anonymous over 5 years ago
- Status changed from New to Feedback
Validate widget key by regex before accepting new image
Updated by Anonymous over 5 years ago
- % Done changed from 0 to 100
Applied in changeset 42839d824d51cad3a8a55fccb2dc96368568ce8e.
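The fix noted above validates the widget key with a regex before accepting the image. A sketch of that kind of check follows, as an added example that is not pfSense's code or the referenced changeset; the key pattern, the storage directory and the function name `picture_destination` are assumptions made for illustration.

```php
<?php
// Added example, not pfSense source. The key pattern, the storage directory
// and the function names are assumptions chosen for illustration.

const PICTURE_DIR   = '/tmp/widget_pictures';     // assumed storage location
const WIDGET_KEY_RE = '/\Apicture-\d{1,4}\z/';    // assumed key shape, e.g. "picture-0"

/**
 * Return the path an upload for $widgetKey may be written to, or null when
 * the key is rejected. The client-supplied file name is never consulted.
 */
function picture_destination($widgetKey): ?string
{
    // Arrays (widgetkey[]=x) and other non-strings are rejected outright.
    if (!is_string($widgetKey)) {
        return null;
    }
    // \A ... \z anchor the whole value; "$" would tolerate a trailing newline.
    if (preg_match(WIDGET_KEY_RE, $widgetKey) !== 1) {
        return null;
    }
    // Fixed directory, validated key, no extension taken from the request.
    return PICTURE_DIR . '/' . $widgetKey . '.img';
}

// Constructed sample inputs: key value => whether it should be accepted.
$samples = [
    'picture-0'         => true,
    'picture-12'        => true,
    '../../evil.php'    => false,  // traversal sequence
    'picture-0/../../x' => false,  // valid prefix followed by traversal
    "picture-0\n"       => false,  // trailing newline
    "picture-0\0.php"   => false,  // embedded NUL byte
    'picture-0.php'     => false,  // smuggled extension
];

foreach ($samples as $key => $expected) {
    $dest    = picture_destination($key);
    $verdict = $dest === null ? 'reject' : 'accept';
    $status  = (($dest !== null) === $expected) ? 'as expected' : 'UNEXPECTED';
    printf("%-24s %-7s %s\n", json_encode($key), $verdict, $status);
}
```

Because the destination is built only from the validated key and a fixed extension, a file that carries a valid GIF89a header followed by PHP cannot be stored under a `.php` name or outside the picture directory. An upload handler would pass the returned path to `move_uploaded_file()`.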
Updated by Jim Pingle about 5 years ago
- Target version changed from 2.5.0 to 2.4.5
Updated by Jim Pingle almost 5 years ago
- Status changed from Feedback to Duplicate
- Target version deleted (2.4.5)
Though this had a separate fix applied, I believe it's really the same issue as #9610
Updated by Jim Pingle over 4 years ago
- Target version set to 2.4.5
- Private changed from Yes to No