Project

General

Profile

Actions

Bug #9731

closed

Path Traversal vulnerability in picture widget

Added by Steve Beaver about 2 years ago. Updated over 1 year ago.

Status:
Duplicate
Priority:
Normal
Assignee:
Category:
Dashboard
Target version:
Start date:
09/06/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

Vulnerability Description :- The `pfSense` firewall is vulnerable to Remote Code Execution due to `Path Traversal vulnerability`. The file `picture.widget.php` improperly handles `path traversal characters` when uploading an image.

An authenticated remote attacker can exploit this vulnerability by changing the upload file name with traversal characters such as (../) & also replacing the image content with a PHP code inside, along with a valid image header (GIF89a).

Actions #1

Updated by Steve Beaver about 2 years ago

  • Status changed from New to Feedback

Validate widget key by regex before accepting new image

Actions #2

Updated by Steve Beaver about 2 years ago

  • % Done changed from 0 to 100
Actions #3

Updated by Jim Pingle about 2 years ago

  • Target version changed from 2.5.0 to 2.4.5
Actions #4

Updated by Jim Pingle almost 2 years ago

  • Status changed from Feedback to Duplicate
  • Target version deleted (2.4.5)

Though this had a separate fix applied, I believe it's really the same issue as #9610

Actions #5

Updated by Jim Pingle over 1 year ago

  • Target version set to 2.4.5
  • Private changed from Yes to No
Actions

Also available in: Atom PDF