CVE-2024-36622

Published: Nov 29, 2024Modified: Jul 2, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.

Affected (1)

Products: Raspap: Raspap Webgui

Raspap

1 product

Raspap Webgui

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Raspap Raspap Webgui	Up to 3.0.9

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (3)

https://gist.github.com/1047524396/ab997b902ec892e592a0df93f38e6941

Source: cve@mitre.org

Third Party Advisory

https://github.com/RaspAP/raspap-webgui/blob/3.0.9/ajax/logging/clearlog.php

Source: cve@mitre.org

Product

https://github.com/raspap/raspap-webgui/commit/c98d2b0c15942b4829d31dec615b9b40cc6faa14#diff-939ee414d82245c3b3dd7d36b57f10706e06e8f0871b24bdcf9de6e0d181c4c9

Source: cve@mitre.org

Patch

Timeline

No history available yet.