CVE-2022-23993

CVE-2022-23993

EPSS 1.5%

/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://docs.netgate.com/downloads/pfSense-SA-22_04.webgui.asc https://github.com/pfsense/pfsense/commit/5d82cce0d615a76b738798577a28a15803e59aeb