CVE-2024-36622

Name of the Vulnerable Software and Affected Versions RaspAP raspap-webgui versions 3.0.9 and earlier

Description A command injection issue exists in the clearlog.php script due to improper sanitization of user input passed via the logfile parameter. This allows for potential exploitation.

Recommendations For versions 3.0.9 and earlier, as a temporary workaround, consider restricting access to the clearlog.php script until a patch is available. Avoid using the logfile parameter in the affected script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.