CVE-2024-36622
- Source
- https://cve.org/CVERecord?id=CVE-2024-36622
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36622.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-36622
- Published
- 2024-11-29T18:15:08.140Z
- Modified
- 2026-02-15T00:42:23.133351Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.
- References
-
- https://github.com/RaspAP/raspap-webgui/blob/3.0.9/ajax/logging/clearlog.php
- https://gist.github.com/1047524396/ab997b902ec892e592a0df93f38e6941
- https://github.com/raspap/raspap-webgui/commit/c98d2b0c15942b4829d31dec615b9b40cc6faa14#diff-939ee414d82245c3b3dd7d36b57f10706e06e8f0871b24bdcf9de6e0d181c4c9
Affected packages
Git / github.com/raspap/raspap-webgui
Affected ranges
- Type
- GIT
- Repo
- https://github.com/raspap/raspap-webgui
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
1.*
1.0
1.3.1
1.4.0
1.4.1
1.5
1.5.1
1.6
1.6.1
1.6.2
2.*
2.0
2.1
2.2
2.3
2.3.1
2.4
2.4-beta
2.4.1
2.5
2.5.1
2.5.2
2.6
2.6-beta
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.7.0
2.7.1
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.8.9
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.9.9
3.*
3.0
3.0-beta
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
v1.*
v1.0
v1.1
v1.2.0
v1.2.1
v1.3.0