CVE-2019-12949
[CVE-2019-12949] From Cross Site Scripting Vulnerability to Remote Code Execution in pfSense 244-p2 and 244-p3 Information Description: In pfSense 244-p2 and 244-p3, if it is possible to trich the authenticated administrator into clicking on a button on a phishing page, an attacker can upload arbitrary executable code via ding_commandphp and rrd_fetch_jsonphp, to a se