← back
CVE-2023-27253

CVE-2023-27253

EPSS 90.7%
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/173487/pfSense-Restore-RRD-Data-Command-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51608unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/173487/pfSense-Restore-RRD-Data-Command-Injection.htmlhttps://github.com/pfsense/pfsense/commit/ca80d18493f8f91b21933ebd6b714215ae1e5e94https://redmine.pfsense.org/issues/13935