CVE-2020-19678: Path Traversal
First published: Thu Apr 06 2023(Updated: )
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oisf Suricata | =1.4.6 | |
| pfSense pfSense | =2.1.3 | |
| Pfsense Suricata Package | =1.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-19678?
The severity of CVE-2020-19678 is high (7.5).
What is the CWE of CVE-2020-19678?
The CWE of CVE-2020-19678 is CWE-22.
Which software versions are affected by CVE-2020-19678?
Pfsense v.2.1.3, Pfsense Suricata v.1.4.6 pkg v.1.0.1 are affected by CVE-2020-19678.
How can a remote attacker exploit CVE-2020-19678?
A remote attacker can exploit CVE-2020-19678 by using the file parameter to suricata/suricata_logs_browser.php to perform directory traversal and obtain sensitive information.
Where can I find more information about CVE-2020-19678?
You can find more information about CVE-2020-19678 at the following references: http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html, https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3, and https://pastebin.com/8dj59053.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- vendor/oisf
- canonical/oisf suricata
- version/oisf suricata/1.4.6
- vendor/pfsense
- canonical/pfsense pfsense
- version/pfsense pfsense/2.1.3
- canonical/pfsense suricata package
- version/pfsense suricata package/1.0.1