diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-01T22:45:03
Updated: 2024-08-04T03:08:31.835Z
Reserved: 2021-09-15T00:00:00
Link: CVE-2021-41282
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-01T23:15:08.347
Modified: 2024-11-21T06:25:57.750
Link: CVE-2021-41282
Redhat
No data.