High severity8.8OSV Advisory· Published Jan 22, 2018· Updated Jun 17, 2026
CVE-2016-10709
CVE-2016-10709
Description
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/39709/nvdExploitThird Party AdvisoryVDB Entry
- www.rapid7.com/db/modules/exploit/unix/http/pfsense_graph_injection_execnvdExploitThird Party Advisory
- www.security-assessment.com/files/documents/advisory/pfsenseAdvisory.pdfnvdExploitThird Party Advisory
- www.pfsense.org/security/advisories/pfSense-SA-16_01.webgui.ascnvdVendor Advisory
News mentions
0No linked articles in our index yet.