Suricata · Suricata · CVE-2020-19678
**Name of the Vulnerable Software and Affected Versions**
pfSense version 2.1.3
pfSense Suricata version 1.4.6 pkg version 1.0.1
**Description**
A Directory Traversal issue allows a remote attacker to obtain sensitive information via the `file` parameter to the "suricata/suricata logs browser.php" endpoint. This enables access to files outside the intended directory, potentially revealing confidential data.
**Recommendations**
For pfSense version 2.1.3, update to a version that fixes this issue.
For pfSense Suricata version 1.4.6 pkg version 1.0.1, update to a version that fixes this issue.
As a temporary workaround, consider restricting access to the "suricata/suricata logs browser.php" endpoint to minimize the risk of exploitation.
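
To check whether the endpoint has already been probed, the following added example (not code from pfSense or the Suricata package) scans web server access logs for requests under `suricata/` whose `file` parameter resolves outside the log directory. The log directory `/var/log/suricata`, the access-log layout, and the script name used in the sample lines are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumptions, not from the advisory: the directory the log browser is meant
# to serve, the access-log layout, and the script name in the sample lines.
BASE_DIR = "/var/log/suricata"
ENDPOINT_DIR = "/suricata/"  # URL directory named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def escapes_base(value, base_dir=BASE_DIR):
    """True if `value`, resolved against base_dir, lands outside base_dir."""
    for _ in range(3):  # peel nested percent-encoding (%252e -> %2e -> .)
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")
    if "\x00" in value:  # NUL bytes have no place in a log file name
        return True
    resolved = posixpath.normpath(posixpath.join(base_dir, value))
    # Trailing separator: /var/log/suricata_old is not inside /var/log/suricata.
    return not (resolved == base_dir or resolved.startswith(base_dir + "/"))

def suspicious_requests(lines):
    """Return (line_number, file_value) for requests that escape BASE_DIR."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        url = urlsplit(match.group(1)) if match else None
        if url is None or not url.path.startswith(ENDPOINT_DIR):
            continue
        for value in parse_qs(url.query).get("file", []):
            if escapes_base(value):
                hits.append((number, value))
    return hits

# Constructed access-log lines (documentation IP range, placeholder script).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /suricata/browser_placeholder.php?file=http.log HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:02:11 +0000] "GET /suricata/browser_placeholder.php?file=../../../etc/hosts HTTP/1.1" 200 1843',
    '192.0.2.44 - - [01/Jan/2024:10:02:15 +0000] "GET /suricata/browser_placeholder.php?file=%252e%252e%252f%252e%252e%252f%252e%252e%252fetc%252fhosts HTTP/1.1" 200 1843',
    '192.0.2.10 - - [01/Jan/2024:10:05:00 +0000] "GET /index.php?file=../x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE):
        print(f"line {number}: file={value!r} resolves outside {BASE_DIR}")
```

A hit with a 200 status and a response size that differs from normal log views is worth following up as a possible successful read.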