{"id":"CVE-2019-11816","details":"Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.","modified":"2026-04-10T04:14:21.940861Z","published":"2019-05-20T22:29:00.330Z","references":[{"type":"ADVISORY","url":"https://forum.opnsense.org/index.php?topic=12787.0"},{"type":"ADVISORY","url":"https://www.netgate.com/blog/pfsense-2-4-4-release-p3-now-available.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opnsense/core","events":[{"introduced":"0"},{"fixed":"dff8692b8a230b7a561f8e1fc1cd458318621097"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"19.1.8"}]}}],"versions":["15.1","15.1.1","15.1.10","15.1.10.2","15.1.11","15.1.11.1","15.1.11.2","15.1.11.3","15.1.11.4","15.1.12","15.1.2","15.1.3","15.1.4","15.1.5","15.1.6","15.1.6.1","15.1.7","15.1.7.1","15.1.7.2","15.1.8","15.1.8.1","15.1.8.2","15.1.8.3","15.1.8.4","15.1.9","15.1.9.1","15.1.9.2","15.7","16.7.a","16.7.b","16.7.r","17.1.a","17.1.b","17.1.r","17.7.a","17.7.b","17.7.r","18.1.a","18.1.b","18.1.r","18.7.a","18.7.b","18.7.r","19.1","19.1.1","19.1.2","19.1.3","19.1.4","19.1.5","19.1.6","19.1.7","19.1.a","19.1.b","19.1.r1","19.1.r2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.4.4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4.4-p1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4.4-p2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11816.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}