Multiple Command Injection vulnerabilities were discovered in the
pfSense WebGUI during a security audit.
* Command Injection in diag_testport.php
* Command Injection in services_dnsmasq.php
A user granted limited access to the pfSense WebGUI including access to
affected pages can leverage these vulnerabilities to gain increased
privileges, read arbitrary files, execute commands, or perform other
The srcport value passed via POST on diag_testport.php is not properly
validated or sanitized. A specially-crafted string sent as the "srcport"
value can trigger the vulnerability.
The advanced options on the services_dnsmasq.php page are passed to dnsmasq
as command line parameters and they are not properly validated or sanitized.
A specially crafted string sent as the "custom_options" value can trigger