{"id":"CVE-2016-10709","details":"pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.","modified":"2026-04-10T03:50:23.552313Z","published":"2018-01-22T04:29:00.203Z","references":[{"type":"ADVISORY","url":"https://www.pfsense.org/security/advisories/pfSense-SA-16_01.webgui.asc"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/39709/"},{"type":"EVIDENCE","url":"https://www.rapid7.com/db/modules/exploit/unix/http/pfsense_graph_injection_exec"},{"type":"EVIDENCE","url":"https://www.security-assessment.com/files/documents/advisory/pfsenseAdvisory.pdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pfsense/pfsense","events":[{"introduced":"0"},{"last_affected":"392796a4610568932ab051b9e33bcd25716d80dc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.2.6"}]}}],"versions":["RELENG_2_2_0","RELENG_2_2_1","RELENG_2_2_2","RELENG_2_2_4","RELENG_2_2_5","RELENG_2_2_6","RELENG_2_2_BETA","Root_RELENG_1_2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10709.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}