What is CVE-2016-10709?

CVE-2016-10709 is a vulnerability in N/a. Published 2018-01-22.

Is CVE-2016-10709 known to be exploited?

14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2016-10709

pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.

EPSS: 0.813 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

wetw0rk/Exploit-Development
rapid7/metasploit-framework
rapid7/metasploit-framework
ARPSyndicate/cvemon
CVEDB/PoC-List
CVEDB/awesome-cve-repo
CVEDB/top
GhostTroops/TOP
JERRY123S/all-poc
cyberanand1337x/bug-bounty-2022

References

www.rapid7.com/db/modules/exploit/unix/http/pfsense_graph_injection_exec (x_refsource_MISC)
www.security-assessment.com/files/documents/advisory/pfsenseAdvisory.pdf (x_refsource_MISC)
39709 (exploit, x_refsource_EXPLOIT-DB)
www.pfsense.org/security/advisories/pfSense-SA-16_01.webgui.asc (x_refsource_MISC)

Frequently asked questions

What is CVE-2016-10709?: CVE-2016-10709 is a vulnerability in N/a. Published 2018-01-22.
Is CVE-2016-10709 known to be exploited?: 14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.