Vulnerabilities > Raspap > Raspap > 2.8.7

DATE CVE VULNERABILITY TITLE RISK
2023-08-01 CVE-2022-39986 Command Injection vulnerability in Raspap
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
network
low complexity
raspap CWE-77
critical
 9.8
9.8
2023-08-01 CVE-2022-39987 Command Injection vulnerability in Raspap
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.
network
low complexity
raspap CWE-77
8.8
8.8
2023-06-23 CVE-2023-30260 Command Injection vulnerability in Raspap
Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form.
network
low complexity
raspap CWE-77
8.8
8.8