CVE-2023-30260

HIGH8.8EPSS 2.6%

RaspAP raspap-webgui Command Injection vulnerability

Published: 6/23/2023Modified: 2/16/2024

Description

Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form.

Affected packages (1)

Packagist/billz/raspap-webguifrom 0, < 2.8.9

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-30260
PATCHhttps://github.com/RaspAP/raspap-webgui
WEBhttps://eldstal.se/advisories/230328-raspap.html
WEBhttps://github.com/RaspAP/raspap-webgui/commit/238e1670fcef8b18ec4628ee74fc345607536a16
WEBhttps://github.com/RaspAP/raspap-webgui/pull/1322