CVE-2021-38556
HIGHRaspAP 2.6.6 - OS Command Injection in configure_client.php
Title source: llmDescription
includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection.
References (3)
Core 3
Core References
Product x_refsource_misc
https://github.com/RaspAP/raspap-webgui
Third Party Advisory x_refsource_misc
https://github.com/RaspAP/raspap-webgui/blob/0e1d652c5e55f812aaf2a5908884e9db179416ee/includes/configure_client.php
Exploit, Third Party Advisory, VDB Entry, URL Repurposed x_refsource_misc
https://zerosecuritypenetrationtesting.com/?page_id=306
Scores
CVSS v3
8.8
EPSS
0.1304
EPSS Percentile
95.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (2)
billz/raspap-webgui
0Packagist
raspap/raspap
2.6.6
Published
Aug 24, 2021
Tracked Since
Feb 18, 2026