exploitDog

CVE-2021-38556

Опубликовано: 24 авг. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.

Ссылки

https://github.com/RaspAP/raspap-webgui
Product
https://github.com/RaspAP/raspap-webgui/blob/0e1d652c5e55f812aaf2a5908884e9db179416ee/includes/configure_client.php
Third Party Advisory
https://zerosecuritypenetrationtesting.com/?page_id=306
Exploit
Third Party Advisory
VDB Entry
URL Repurposed
https://github.com/RaspAP/raspap-webgui
Product
https://github.com/RaspAP/raspap-webgui/blob/0e1d652c5e55f812aaf2a5908884e9db179416ee/includes/configure_client.php
Third Party Advisory
https://zerosecuritypenetrationtesting.com/?page_id=306
Exploit
Third Party Advisory
VDB Entry
URL Repurposed

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:raspap:raspap:2.6.6:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.18635

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-7vph-p634-vrqf

CVSS3: 8.8

github

больше 4 лет назад

Command Injection in RaspAP 2.6.6

EPSS

Процентиль: 95%

0.18635

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-77