billz/raspap-webgui is vulnerable to Privilege Escalation via OS commaind injection. An attacker can send an input of “a && whoami” to append strval($POST’connect’]) to the end of the exec() function in configureclient.php , executing /etc/raspap/hostapd/enablelog.sh as root with no password and overwriting of the www-data account.
CPE | Name | Operator | Version |
---|---|---|---|
billz/raspap-webgui | le | 2.8.6 | |
billz/raspap-webgui | le | 2.8.6 |
github.com/RaspAP/raspap-webgui
github.com/RaspAP/raspap-webgui/blob/48feef88ffa06979acc9773fe12d8b2fdd6e5e4f/includes/configure_client.php#L20
github.com/RaspAP/raspap-webgui/blob/fabc48c7daae4013b9888f266332e510b196a062/installers/raspap.sudoers
github.com/RaspAP/raspap-webgui/issues/987
zerosecuritypenetrationtesting.com/?page_id=306