CVE-2024-2497 | RaspAP raspap-webgui 3.0.9 HTTP POST Request includes/provider.php country code injection

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection.

The identification of this vulnerability is CVE-2024-2497. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-2497 | RaspAP raspap-webgui 3.0.9 HTTP POST Request includes/provider.php country code injection

Post correlati

CVE-2024-24822 | Pimcore admin-ui-classic-bundle up to 1.3.2 authorization

CVE-2023-45587 | Fortinet FortiSandbox up to 3.1.5/3.2.4/4.0.4/4.2.6/4.4.2 HTTP Request cross site scripting (FG-IR-23-360)

CVE-2024-21091 | Oracle Agile Product Lifecycle Management for Process 6.2.4.2 Data Import information disclosure

CVE-2024-2047 | ElementsKit Elementor Addons Plugin up to 3.0.6 on WordPress render_raw file inclusion