4 matches found
Directory Traversal
billz/raspap-webgui is vulnerable to Directory Traversal. The vulnerability is due to improper validation of the entity parameter in ajax/networking/getwgkey.php, which allows crafted POST requests that leverage the tee command to overwrite arbitrary files writable by the web server...
Command Injection
billz/raspap-webgui is vulnerable to Command Injection. The vulnerability exists due to the lack of sanitization of the entity parameter in the /ajax/networking/getwgkey.php POST endpoint, which allows an attacker to inject and execute malicious OS commands as root...
Command Injection
billz/raspap-webgui is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by injecting malicious code via the POST request...
Privilege Escalation
billz/raspap-webgui is vulnerable to privilege escalation. An authenticated attacker is able to inject a malicious command into the /installers/common.sh component, leading to remote code execution with root-level permissions...