GHSA-277F-37GW-9GMQ raspap-webgui has a Directory Traversal vulnerability

RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...

GHSA-7R88-WJHJ-JR8M RaspAP Command Injection vulnerability

A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the entity POST parameters in /ajax/networking/getwgkey.php...

RaspAP Command Injection vulnerability

A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the entity POST parameters in /ajax/networking/getwgkey.php...

CVE-2022-39987

A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/getwgkey.php...

CVE-2022-39987

A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/getwgkey.php...