Headline
GHSA-7r88-wjhj-jr8m: RaspAP Command Injection vulnerability
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the entity
POST parameters in /ajax/networking/get_wgkey.php
.
RaspAP Command Injection vulnerability
High severity GitHub Reviewed Published Aug 1, 2023 to the GitHub Advisory Database • Updated Aug 4, 2023
Related news
CVE-2022-39987: raspap-webgui/ajax/networking/get_wgkey.php at master · RaspAP/raspap-webgui
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.