pfSense: pfSense-SA-23_04.webgui: Authenticated Command Execution in the WebGUI

A potential authenticated arbitrary command execution vulnerability was found in
status.php, a component of the pfSense Plus and pfSense CE software GUI.

If there is a file named '/tmp/rules.packages.|<command>|.txt', then when an
authenticated GUI user loads status.php, the GUI executes '<command>'.

This problem is present on pfSense Plus version 22.05.1, pfSense CE version
2.6.0, and earlier versions of both.

In combination with another bug that lets users write arbitrary files, a user
with sufficient privileges to access status.php could run a command directly or
trick another administrator with privileges into running a command.

The commands which work here are of limited use as other characters which might
make it more useful also make it fail to trigger. Furthermore, status.php is not
linked in the GUI and is typically only run under direction of TAC, so
opportunity for exploitation is fairly low.