## https://sploitus.com/exploit?id=SAINT:BB278D8DC7E38340D87A9F724D32EDFE
Added: 12/23/2022
### Background
[pfSense](<https://www.pfsense.org>) is an open-source network firewall based on the FreeBSD operating system. pfSense is the software which powers [Netgate](<https://www.netgate.com>) Security Gateway Appliances.
[pfBlockerNG](<https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html>) is a pfSense package which allows creation of firewall rules on the appliance.
### Problem
A vulnerability in pfSense pfBlockerNG allows remote, unauthenticated attackers to inject arbitrary commands in the Host header of an HTTP request.
### Resolution
Upgrade to pfSense pfBlockerNG 2.1.4_27 or higher.
### References
<https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/>