CVE-2016-10709

pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pfsense:pfsense:*:*:*:*:community:*:*:*

History

No history.

Information

Published : 2018-01-22 04:29

Updated : 2024-02-04 19:46


NVD link : CVE-2016-10709

Mitre link : CVE-2016-10709

CVE.ORG link : CVE-2016-10709


JSON object : View

Products Affected

pfsense

  • pfsense
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')