RULE(RULE ID:333262)

Rule General Information
Release Date: 2021-03-26
Rule Name: Electric Sheep Fencing pfSense system_groupmanager.php Command Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: A command injection vulnerability has been reported in the web console of the Electric Sheep Fencing pfSense firewall. The vulnerability is due to the application's failure to properly parse input supplied to the members parameter of the system_groupmanager.php script. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation allows the attacker to execute arbitrary commands in the security context of root.
Impact: Through a successful exploit, an attacker can execute arbitrary commands in the context of the vulnerable software.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain and apply the software patch.