Description
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
Exploits (1)
References (6)
Core References
Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq: http://www.securityfocus.com/archive/1/534987/100/0/threaded
Vendor Advisory; x_refsource_confirm: https://www.pfsense.org/security/advisories/pfSense-SA-15_04.webgui.asc
Exploit; x_refsource_misc: http://packetstormsecurity.com/files/131022/pfSense-2.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid: http://www.securityfocus.com/bid/73344
Exploit; x_refsource_misc: https://www.htbridge.com/advisory/HTB23251
Exploit, Third Party Advisory; exploit; x_refsource_exploit-db: https://www.exploit-db.com/exploits/36506/
Scores
EPSS: 0.3459
EPSS Percentile: 97.0%
Details
CWE: CWE-352
Status: published
Products (1): netgate/pfsense < 2.2
Published: Apr 10, 2015
Tracked Since: Feb 18, 2026