CVE-2024-2497

Name of the Vulnerable Software and Affected Versions RaspAP raspap-webgui version 3.0.9

Description A critical issue affects the processing of the file includes/provider.php in the HTTP POST Request Handler component. The manipulation of the country argument leads to code injection. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For RaspAP raspap-webgui version 3.0.9, consider disabling the includes/provider.php file or restricting access to the HTTP POST Request Handler component until a patch is available. Avoid using the country argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.