CVE-2020-19678

Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.

Published: Apr 6, 2023
Updated: Apr 19, 2023
CVE: CVE-2020-19678
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
oisf / suricata	1.4.6	1.4.6.x
pfsense / suricata_package	1.0.1	1.0.1.x
pfsense / pfsense	2.1.3	2.1.3.x

http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html
https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3
https://pastebin.com/8dj59053

Vulnerability Database

289,697

CVE-2020-19678