CVE-2016-10709

pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:pfsense:pfsense:*:*:*:*:community:*:*:*

Information

Published : 2018-01-21 20:29

Updated : 2018-02-09 12:18


NVD link : CVE-2016-10709

Mitre link : CVE-2016-10709


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

pfsense

  • pfsense