{"id":"CVE-2023-27253","details":"A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.","modified":"2026-04-10T04:56:37.639151Z","published":"2023-03-17T22:15:11.227Z","references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/173487/pfSense-Restore-RRD-Data-Command-Injection.html"},{"type":"FIX","url":"https://redmine.pfsense.org/issues/13935"},{"type":"FIX","url":"https://github.com/pfsense/pfsense/commit/ca80d18493f8f91b21933ebd6b714215ae1e5e94"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pfsense/pfsense","events":[{"introduced":"0"},{"fixed":"ca80d18493f8f91b21933ebd6b714215ae1e5e94"}]},{"type":"GIT","repo":"https://github.com/pfsense/pfsense","events":[{"introduced":"0"},{"fixed":"ca80d18493f8f91b21933ebd6b714215ae1e5e94"}]}],"versions":["RELENG_2_2_BETA","Root_RELENG_1_2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.7.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27253.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}