pfSense is prone to a local file-include vulnerability because it fails to adequately validate user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code with escalated privileges. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
