Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-7r88-wjhj-jr8m: RaspAP Command Injection vulnerability

A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the entity POST parameters in /ajax/networking/get_wgkey.php.

ghsa
#vulnerability#git#php#auth

RaspAP Command Injection vulnerability

High severity GitHub Reviewed Published Aug 1, 2023 to the GitHub Advisory Database • Updated Aug 4, 2023

Related news

CVE-2022-39987: raspap-webgui/ajax/networking/get_wgkey.php at master · RaspAP/raspap-webgui

A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.