Vulnerability Details CVE-2024-36622
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.5%
CVSS Severity
CVSS v3 Score 9.8
References
- https://gist.github.com/1047524396/ab997b902ec892e592a0df93f38e6941
- https://github.com/RaspAP/raspap-webgui/blob/3.0.9/ajax/logging/clearlog.php
- https://github.com/raspap/raspap-webgui/commit/c98d2b0c15942b4829d31dec615b9b40cc6faa14#diff-939ee414d82245c3b3dd7d36b57f10706e06e8f0871b24bdcf9de6e0d181c4c9
Products affected by CVE-2024-36622
-
cpe:2.3:a:raspap:raspap-webgui:*