CVE-2014-4689
pfSense < 2.1.3 - Path Traversal via pkg_edit.php xml Parameter
Title source: llmDescription
Absolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://pfsense.org/security/advisories/pfSense-SA-14_11.webgui.asc
Scores
EPSS
0.0281
EPSS Percentile
84.8%
Details
CWE
CWE-22
Status
published
Products (1)
netgate/pfsense
< 2.1.3
Published
Jul 02, 2014
Tracked Since
Feb 18, 2026