Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Electric Sheep Fencing pfsense 命令注入漏洞
Vulnerability Description
Electric Sheep Fencing pfsense是美国Electric Sheep Fencing公司的一套免费开源的基于FreeBSD的防火墙和路由器软件。 Electric Sheep Fencing pfSense 2.4.4之前版本中的status_interfaces.php文件存在命令注入漏洞。攻击者可借助‘dhcp_relinquish_lease()’函数利用该漏洞在root用户的上下文中执行命令。
CVSS Information
N/A
Vulnerability Type
N/A