{"id":"CVE-2022-39987","details":"A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the \"entity\" POST parameters in /ajax/networking/get_wgkey.php.","aliases":["GHSA-7r88-wjhj-jr8m"],"modified":"2026-04-10T04:50:33.677762Z","published":"2023-08-01T14:15:09.937Z","references":[{"type":"WEB","url":"https://medium.com/%40ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2"},{"type":"ADVISORY","url":"https://github.com/RaspAP/raspap-webgui/blob/master/ajax/networking/get_wgkey.php"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/raspap/raspap-webgui","events":[{"introduced":"60d151b9762389ac2597f6e6ad9b4901141e3400"},{"last_affected":"c971c5c9bcd8c41814fe95202393b2a63f37f766"}],"database_specific":{"versions":[{"introduced":"2.8.0"},{"last_affected":"2.9.2"}]}}],"versions":["2.8.0","2.8.1","2.8.2","2.8.3","2.8.5","2.8.6","2.8.7","2.8.8","2.8.9","2.9.0","2.9.1","2.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39987.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}