pfSense 2.5.2

CPE Details

pfSense 2.5.2
2.5.2
2022-03-07 13:32 +00:00
2022-11-09 15:47 +00:00

CPE Name: cpe:2.3:a:pfsense:pfsense:2.5.2:*:*:*:*:*:*:*

Information

Vendor: pfsense
Product: pfsense
Version: 2.5.2

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2022-42247 | 2022-10-03 13:31 +00:00 | pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name. | 6.1 | MEDIUM |
| CVE-2021-41282 | 2022-03-01 21:45 +00:00 | diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location. | 8.8 | HIGH |
| CVE-2022-23993 | 2022-01-26 17:22 +00:00 | /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS. | 6.1 | MEDIUM |