CVE-2019-16701

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-16701

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16701.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-16701

Published

2019-09-25T16:15:12.353Z

Modified

2026-04-10T04:15:11.831320Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.

References

Affected packages

Git / github.com/pfsense/pfsense

Affected ranges

Type

GIT

Repo

https://github.com/pfsense/pfsense

Events

Introduced

db2a45dafdd79cf6c1e620ba41ebcf4487856cf1

Fixed

531aaac17018e117d0d0179d3c8ecfd22b6a6a7c

Introduced

Last affected

531aaac17018e117d0d0179d3c8ecfd22b6a6a7c

Introduced

Last affected

de4e0a799cd0e1e7267ecc67019c7befa362d8d0

Introduced

Last affected

3e552cec671e26b8108db4ff8e2f48009947dc1d

Introduced

Last affected

2bf6d4322622765bd1ce6ca8915ff75890885566

Database specific

{
    "versions": [
        {
            "introduced": "2.3.4"
        },
        {
            "fixed": "2.4.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.4-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.4-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.4-p2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.4-p3"
        }
    ]
}

Affected versions

Other

RELENG_2_2_BETA

Root_RELENG_1_2

v2.*

v2.4.4

v2.4.4_1

v2.4.4_2

v2.4.4_3

v2.4.4_GS

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16701.json"