CVE-2020-19678

HIGH

pfSense Suricata Package 1.0.1 - Directory Traversal via suricata_logs_browser.php file Parameter

Title source: llm

Description

Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.

References (3)

Core 3

Core References

Broken Link

http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html

Patch

https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3

View Patch ZIP pw:eip

Exploit, Third Party Advisory

https://pastebin.com/8dj59053

Scores

CVSS v3 7.5

EPSS 0.0347

EPSS Percentile 87.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (3)

oisf/suricata 1.4.6

pfsense/pfsense 2.1.3

pfsense/suricata_package 1.0.1

Published Apr 06, 2023

Tracked Since Feb 18, 2026