CVE-2023-30260

HIGH8.8EPSS 2.6%

RaspAP raspap-webgui Command Injection vulnerability

發布日:2023/6/23修改日:2024/2/16

描述

Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form.

受影響套件(1)

Packagist/billz/raspap-webguifrom 0, < 2.8.9

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-30260
PATCHhttps://github.com/RaspAP/raspap-webgui
WEBhttps://eldstal.se/advisories/230328-raspap.html
WEBhttps://github.com/RaspAP/raspap-webgui/commit/238e1670fcef8b18ec4628ee74fc345607536a16
WEBhttps://github.com/RaspAP/raspap-webgui/pull/1322