Vulnerabilities > Raspap > Raspap > 2.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-23 | CVE-2023-30260 | Command Injection vulnerability in Raspap Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. | 8.8 |
| 2021-06-09 | CVE-2021-33356 | Improper Privilege Management vulnerability in Raspap Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges. | 8.8 |
| 2021-06-09 | CVE-2021-33358 | OS Command Injection vulnerability in Raspap Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands. | 8.8 |
| 2020-08-24 | CVE-2020-24572 | OS Command Injection vulnerability in Raspap 2.5 An issue was discovered in includes/webconsole.php in RaspAP 2.5. | 8.8 |