CVE-2024-36622

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 29, 2024
Updated: Dec 3, 2024
CWE ID 94

Summary

CVE-2024-36622 is a command injection vulnerability affecting RaspAP's raspap-webgui version 3.0.9 and earlier. This issue stems from the clearlog.php script's improper sanitization of user input, specifically the logfile parameter. Malicious users can exploit this flaw to execute arbitrary commands on the affected system, potentially leading to serious security consequences. System administrators are advised to update to the latest version of raspap-webgui as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share