Abdel Adim

**Name of the Vulnerable Software and Affected Versions** pfSense version 2.5.2 **Description** The issue allows sed data injection in diag routes.php. Authenticated users can inject sed-specific code and write an arbitrary file in an arbitrary location. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although common protection mechanisms against command injection are used, such as the escapeshellarg function for the arguments, the sed-specific code injection is still possible. **Recommendations** For pfSense version 2.5.2, consider disabling the diag routes.php functionality until a patch is available to prevent sed data injection. Restrict access to the netstat utility and sed utility to minimize the risk of exploitation. Avoid using the sed utility to parse the output of the netstat utility in the affected diag routes.php file until the issue is resolved.