CVE-2015-2295
published 2015-04-10


Priority: P3 · 58 · medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 65.93% (99.2th percentile)
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.

Affected

1 range

Vendor | Product | Version range | Fixed in
netgate | pfsense | <= 2.2 |

Detection & IOCs (extracted from sources)

path: /system_firmware_restorefullbackup.php
url: https://[host]/system_firmware_restorefullbackup.php?deletefile=../etc/passwd
  • Monitor HTTP GET requests to /system_firmware_restorefullbackup.php containing the 'deletefile' parameter, especially with path traversal sequences (e.g., '../') indicating arbitrary file deletion attempts.
  • Alert on unauthenticated or cross-origin POST/GET requests to /system_firmware_restorefullbackup.php, as the vulnerability stems from missing HTTP request origin validation enabling CSRF-driven file deletion with root privileges.
  • The CSRF exploit requires the administrator to be authenticated and tricked into visiting a malicious page; the attack vector is network-based but requires social engineering of a logged-in admin session.
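
The monitoring points above can be turned into a log check. The following is an added example, not code from this page or from pfSense: it assumes the WebGUI requests are available in combined log format, uses the placeholder hostname fw.example.test for the firewall's GUI, and runs over constructed sample lines.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET = "/system_firmware_restorefullbackup.php"
# Assumption: combined log format; adapt the pattern to your server or proxy.
LINE = re.compile(r'\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+) [^"]*" '
                  r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded '../' is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(line, gui_hosts):
    """Return the reasons a log line matches the CVE-2015-2295 request pattern."""
    m = LINE.match(line)
    if not m:
        return []
    url = urlsplit(m["uri"])
    params = parse_qs(url.query, keep_blank_values=True)
    if unquote(url.path) != TARGET or "deletefile" not in params:
        return []
    reasons = ["deletefile parameter present"]
    if any(".." in fully_unquote(v).replace("\\", "/").split("/") for v in params["deletefile"]):
        reasons.append("path traversal in deletefile")
    # Only the query string is logged; a deletefile value sent in a POST body is not visible here.
    ref_host = urlsplit(m["referer"]).hostname
    if ref_host is None:
        reasons.append("no Referer header")
    elif ref_host not in gui_hosts:
        reasons.append("cross-origin Referer: " + ref_host)
    return reasons

# Constructed sample lines (not real traffic); hostnames and addresses are placeholders.
SAMPLE = [
    '198.51.100.7 - - [10/Apr/2015:09:14:02 +0000] "GET /system_firmware_restorefullbackup.php?deletefile=..%2Fetc%2Fpasswd HTTP/1.1" 200 512 "http://blog.example.net/post" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Apr/2015:09:15:40 +0000] "GET /system_firmware_restorefullbackup.php?deletefile=config-backup.tgz HTTP/1.1" 200 512 "https://fw.example.test/system_firmware_restorefullbackup.php" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Apr/2015:09:16:11 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def scan(lines, gui_hosts):
    """Return (line_number, reasons) for every line that matched."""
    hits = ((n, inspect(l, gui_hosts)) for n, l in enumerate(lines, 1))
    return [(n, r) for n, r in hits if r]
```

A hit with only "deletefile parameter present" and a same-origin Referer is what a legitimate delete from the GUI looks like, so triage on the traversal and Referer reasons.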