Privilege Escalation

2021-06-1110:33:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.08 Low

EPSS

Percentile

94.3%

JSON

billz/raspap-webgui is vulnerable to privilege escalation. An authenticated attacker is able to inject malicious command to /installers/common.sh component, leading to a remote code execution with root level permission.

CPENameOperatorVersion
billz/raspap-webguile2.6.5

CPE	Name	Operator	Version
	billz/raspap-webgui	le	2.6.5

References

gist.github.com/omriinbar/52c000c02a6992c6ce68d531195f69cf

github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L216

github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L231

github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L314

github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L407

github.com/RaspAP/raspap-webgui/blob/5a7b77459839c9420fac0d10ec28cee1af9bb782/installers/common.sh#L510

github.com/RaspAP/raspap-webgui/commit/061d01cbd56411adbe52a313ff8d04e2bfa893bc

github.com/RaspAP/raspap-webgui/pull/888

github.com/RaspAP/raspap-webgui/releases/tag/2.6.6

0.08 Low

EPSS

Percentile

94.3%

JSON

Related for VERACODE:30914