pfSense: pfSense-SA-20_04.webgui: Authenticated Arbitrary File Read/Write in the WebGUI
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Jan 17, 2020 | Mar 27, 2020 | Feb 18, 2025 |
Description
The widgetkey parameter of the Picture Widget (picture.widget.php) accepted
relative paths, which allowed directory traversal. In addition, the content of
the uploaded file was not fully validated to confirm that it was image data.
Combined, these issues allowed an attacker to upload a PHP file carrying image
headers to an arbitrary location, where it could then be executed or otherwise
processed in unexpected ways.
An authenticated user whose privileges, granted directly or through group
membership, included access to the Picture Widget could leverage these flaws to
execute arbitrary code, gain elevated privileges and make arbitrary changes to
the firewall.
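As an added illustration (not pfSense's own code), the two checks whose absence the description above implies: an allowlist on the widget key before it is used as a path, and content-based validation with re-encoding of the upload. The storage directory, the assumed key format "picture-<n>" and the function names are assumptions, not taken from the project.

```php
<?php
// Added example, not pfSense code: the two checks whose absence the advisory
// describes. WIDGET_DIR and the key format "picture-<n>" are assumptions.

const WIDGET_DIR = '/conf/widget_pictures'; // assumed storage directory

// Vulnerable pattern: the client-controlled key is spliced into a path, so a
// value containing "../" escapes WIDGET_DIR and chooses the write location.
function vulnerable_target(string $widgetkey): string {
    return WIDGET_DIR . '/' . $widgetkey . '.jpg';
}

// Hardened: allowlist the key shape the dashboard generates, then confirm the
// resolved path still lies inside WIDGET_DIR (defence in depth).
function safe_target(string $widgetkey): ?string {
    if (!preg_match('/^picture(-\d+)?$/', $widgetkey)) {
        return null;
    }
    $base = realpath(WIDGET_DIR);
    if ($base === false) {
        return null;
    }
    $target = $base . DIRECTORY_SEPARATOR . $widgetkey . '.jpg';
    return strpos($target, $base . DIRECTORY_SEPARATOR) === 0 ? $target : null;
}

// Hardened upload handling: decide by content, not by the client-supplied
// filename or MIME type, and re-encode before writing. A header-only check
// passes a file whose image header is followed by PHP code; having GD decode
// it and write fresh JPEG bytes discards everything that is not pixel data.
function store_image_safely(string $tmpPath, string $target): bool {
    if (!is_uploaded_file($tmpPath)) {   // only accept files PHP received via POST
        return false;
    }
    $data = file_get_contents($tmpPath);
    if ($data === false) {
        return false;
    }
    $img = @imagecreatefromstring($data); // JPEG/PNG/GIF, detected by content
    if ($img === false) {
        return false;
    }
    $ok = imagejpeg($img, $target, 90);
    imagedestroy($img);
    return $ok;
}
```

In a request handler this is wired as `safe_target($_POST['widgetkey'] ?? '')` followed by `store_image_safely($_FILES['pictfile']['tmp_name'] ?? '', $target)` (field names assumed), rejecting the request with a 4xx response when either returns null or false.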
Solution