Unrated severity · NVD Advisory · Published Sep 26, 2019 · Updated Aug 5, 2024
CVE-2019-16667
Description
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing.
Affected products
- pfSense/pfSense
References
- packetstormsecurity.com/files/158614/pfSense-2.4.4-p3-Cross-Site-Request-Forgery.html (mitre, x_refsource_MISC)
- pastebin.com/TEJdu9LN (mitre, x_refsource_MISC)