pfSense Restore RRD Data Command Injection

Disclosed
03/18/2023
Created
07/12/2023

Description

This module exploits an authenticated command injection vulnerability in the "restore_rrddata()" function of pfSense prior to version 2.7.0, which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup & Restore" privilege to execute arbitrary operating system commands as the "root" user. This module has been tested successfully on version 2.6.0-RELEASE.

Author(s)

  • Emir Polat

Platform

Unix

Architectures

cmd
