CVE-2023-30260: Improper Neutralization of Special Elements used in a Command ('Command Injection')

June 23, 2023 (updated July 3, 2023)

Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form.

References

eldstal.se/advisories/230328-raspap.html
github.com/RaspAP/raspap-webgui/commit/238e1670fcef8b18ec4628ee74fc345607536a16
github.com/RaspAP/raspap-webgui/pull/1322
github.com/advisories/GHSA-hhqm-f4m4-pq39
nvd.nist.gov/vuln/detail/CVE-2023-30260

Detect and mitigate CVE-2023-30260 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →