billz/raspap-webgui is vulnerable to privilege escalation. An authenticated attacker can inject malicious commands into the /installers/common.sh component, leading to remote code execution with root-level permissions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | billz/raspap-webgui | le | 2.6.5 |
gist.github.com/omriinbar/52c000c02a6992c6ce68d531195f69cf
github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L216
github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L231
github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L314
github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L407
github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L510
github.com/RaspAP/raspap-webgui/commit/061d01cbd56411adbe52a313ff8d04e2bfa893bc
github.com/RaspAP/raspap-webgui/pull/888
github.com/RaspAP/raspap-webgui/releases/tag/2.6.6