Full title: pfSense 2.5.2 Shell Upload Exploit 
Category: web applications
Platform: php
This Metasploit module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface (CVE-2021-41282). The vulnerability affects versions 2.5.2 and below and can be exploited by an authenticated user if they have the "WebCfg - Diagnostics: Routing tables" privilege. This module uses the vulnerability to create a web shell and execute payloads with root privileges.

# 0day.today @ http://0day.today/