Submit #294400: RaspAP RaspAP Web GUI 3.0.9 latest version Code Injection Leading to Remote Code Execution (RCE) in RaspAP

Title: RaspAP RaspAP Web GUI 3.0.9 latest version Code Injection Leading to Remote Code Execution (RCE) in RaspAP
Description:

## 1. Vulnerability Overview

- **Vulnerability Name:** Code Injection
- **Affected Software:** RaspAP-WebGUI
- **Vulnerability Location:** `includes/provider.php` (Line 53)
- **Severity:** Critical

## 2. Description

The RaspAP-WebGUI application is vulnerable to code injection due to improper handling of user-controlled input in the `$_POST['country']` parameter. In the handler for `SaveProviderSettings`, the trimmed value is wrapped with `escapeshellarg()` and passed directly to `saveProviderConfig()` together with `$binPath`; the value itself is never validated. The vulnerable code snippet can be found in the `provider.php` file.

## 3. Vulnerable Code

```php
if (isset($_POST['SaveProviderSettings'])) {
    if (isset($_POST['country'])) {
        // User-controlled value: only trimmed and shell-quoted, never validated
        $country = escapeshellarg(trim($_POST['country']));
        if (strlen($country) == 0) {
            $status->addMessage('Select a country from the server location list', 'danger');
        } else {
            // Escaped value handed on together with the provider binary path
            $return = saveProviderConfig($status, $binPath, $country, $id);
        }
    }
}
```

## Impact

- Remote code execution (RCE) on the server.
- Unauthorized access to sensitive data.
- Compromise of system security.
- Potential disruption of service availability.
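As an added illustration (not RaspAP's own code and not part of the original submission), a hardened form of the same check: the raw `country` value is pattern-checked before anything is escaped, and the emptiness test is made on the raw input, because `escapeshellarg('')` returns the two-character string `''`, so the `strlen($country) == 0` branch in the snippet above can never be taken. The function names `validateCountryCode` and `buildCountryArgument` and the two-letter code format are assumptions.

```php
<?php
// Added example, not RaspAP's own code. Assumes the country value is a
// two-letter country code, as a server-location list would supply.

/**
 * Return the normalised country code, or null if the input is not acceptable.
 * Validation runs on the raw value, before any escaping, so the only strings
 * that can ever reach a shell argument are two ASCII letters.
 */
function validateCountryCode(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $value = trim($raw);
    // Exactly two ASCII letters; \z (not $) so a trailing newline cannot slip past.
    if (preg_match('/^[A-Za-z]{2}\z/', $value) !== 1) {
        return null;
    }
    return strtolower($value);
}

/**
 * Build the argument that would be handed to the provider binary.
 * escapeshellarg() is kept as defence in depth, but is applied only to a
 * value that has already passed the pattern check.
 */
function buildCountryArgument(?string $raw): ?string
{
    $code = validateCountryCode($raw);
    return $code === null ? null : escapeshellarg($code);
}

// Constructed inputs. escapeshellarg('') is "''" (length 2), which is why an
// emptiness check on the escaped string, as in the original snippet, can never
// fire; here the empty string is rejected by the pattern instead.
$samples = ['US', ' de ', '', "us'", 'u$a', 'usa'];
foreach ($samples as $sample) {
    $arg = buildCountryArgument($sample);
    printf("%-8s -> %s\n", var_export($sample, true),
        $arg === null ? 'rejected' : 'argument ' . $arg);
}
```

Of the constructed inputs only `'US'` and `' de '` are accepted; everything containing a quote, a dollar sign, the wrong length or nothing at all is rejected before `escapeshellarg()` is ever reached.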
Source: https://toradah.notion.site/Code-Injection-Leading-to-Remote-Code-Execution-RCE-in-RaspAP-Web-GUI-d321e1a416694520bec7099253c65060?pvs=4
User: torada (UID 61170)
Submission: 03/06/2024 20:22 (2 years ago)
Moderation: 03/15/2024 12:50 (9 days later)
Status: Accepted
VulDB entry: 256919 [RaspAP raspap-webgui 3.0.9 HTTP POST Request includes/provider.php Country code injection]
Points: 17
