CVE-2018-4019
published 2018-12-03CVE-2018-4019: An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The…
PriorityP261high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
48.72%
98.7th percentile
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ghost | sqlite3 | >= 0 < 3.8.2-1ubuntu2.2+esm1 | 3.8.2-1ubuntu2.2+esm1 |
| netgate | netgate_pfsense | — | — |
| netgate | pfsense | — | — |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv3.07.2HIGHCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
osv5.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wwxp-r7wf-8w8j: An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2
ghsa_unreviewed·2022-05-13
CVE-2018-4019 [HIGH] CWE-78 GHSA-wwxp-r7wf-8w8j: An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter.
OSV
sqlite3 vulnerabilities
osv·2019-06-19·CVSS 5.9
CVE-2017-2518 sqlite3 vulnerabilities
sqlite3 vulnerabilities
USN-4019-1 fixed several vulnerabilities in sqlite3. This update provides
the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.
Original advisory details:
It was discovered that SQLite incorrectly handled certain SQL files.
An attacker could possibly use this issue to execute arbitrary code
or cause a denial of service. (CVE-2017-2518)
It was discovered that SQLite incorrectly handled certain queries.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-20346, CVE-2018-20506)
It was discovered that SQLite incorrectly handled certain inputs.
An attacker could possibly use this issue to access sensitive information.
(CVE-2019-8457)
It was discovered that SQLite incorrectly handled certain inputs.
An attacker could possibly use th
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-12-03
Published