VYPR
Unrated severityNVD Advisory· Published Sep 26, 2019· Updated Aug 5, 2024

CVE-2019-16915

CVE-2019-16915

Description

An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • pfSense/pfSensedescription
  • Pfsense/Pfsensellm-fuzzy
    Range: through 2.4.4-p3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.