pfSense pfBlockerNG Host header command injection

Added: 12/23/2022


pfSense is an open-source network firewall based on the FreeBSD operating system. pfSense is the software which powers Netgate Security Gateway Appliances.

pfBlockerNG is a pfSense package which allows creation of firewall rules on the appliance.


A vulnerability in pfSense pfBlockerNG allows remote, unauthenticated attackers to inject arbitrary commands in the Host header of an HTTP request.


Upgrade to pfSense pfBlockerNG 2.1.4_27 or higher.


Back to exploit index