HIGH🇬🇧 English

CVE-2020-19678

CVSS 7.5v3.1pub. 2023-04-06upd. 2025-02-12

Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Oisf Suricata

    APP
    Oisf
    1.4.6
  • Pfsense

    APP
    Pfsense
    2.1.3
  • Pfsense Suricata Package

    APP
    Pfsense
    1.0.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2025-69690CRITICAL9.1PL ✓ten sam produkt

pfSense CE 2.7.2 — RCE przez deserializację PHP w instalatorze modułów

CVE-2025-69691CRITICAL9.9PL ✓ten sam produkt

Netgate pfSense CE 2.8.0 — RCE przez XMLRPC API (pfsense.exec_php)

CVE-2023-29974CRITICAL9.8ten sam produkt

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password...

CVE-2023-35853CRITICAL9.8ten sam produkt

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lu...

CVE-2023-27100CRITICAL9.8ten sam produkt

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus so...