1. Vulnerability Overview:

2. Description:

The RaspAP-WebGUI application is vulnerable to code injection due to improper handling of user-controlled input in the $_POST['country'] parameter. The vulnerable code snippet can be found in the provider.php file.

3. Vulnerable Code:

if (isset($_POST['SaveProviderSettings'])) {
    if (isset($_POST['country'])) {
        $country = escapeshellarg(trim($_POST['country']));
        if (strlen($country) == 0) {
            $status->addMessage('Select a country from the server location list', 'danger');
        } else {
            $return = saveProviderConfig($status, $binPath, $country, $id);
        }
    }
}
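
An added example, not RaspAP's own code: one way to validate the country value against an allowlist before it is handed to saveProviderConfig(). The helper name validateCountry(), the $allowedCountries list, the 64-character limit and the character pattern are assumptions; the real list would be the provider's server location list.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of RaspAP): returns the country value if it is
 * a known server location, or null if it must be rejected.
 */
function validateCountry(mixed $raw, array $allowedCountries): ?string
{
    // Reject arrays and other non-string POST shapes (e.g. country[]=x).
    if (!is_string($raw)) {
        return null;
    }
    $country = trim($raw);
    // Check emptiness BEFORE quoting: escapeshellarg('') returns a pair of
    // quotes, so a strlen() test on the quoted value never sees 0.
    if ($country === '' || strlen($country) > 64) {
        return null;
    }
    // Assumed shape of a location name: letters, digits, space, underscore, hyphen.
    if (preg_match('/\A[A-Za-z0-9 _-]+\z/', $country) !== 1) {
        return null;
    }
    // Strict allowlist match against the locations offered to the user.
    return in_array($country, $allowedCountries, true) ? $country : null;
}

// Constructed sample data; the real list would be the provider's server locations.
$allowedCountries = ['Germany', 'United_States', 'Japan'];
$samples = ['Germany', '  Japan ', '', 'Germany;extra', ['x'], 'Atlantis'];

foreach ($samples as $sample) {
    $country = validateCountry($sample, $allowedCountries);
    if ($country === null) {
        echo 'rejected: ' . json_encode($sample) . PHP_EOL;
        continue;
    }
    // Quote only at the point of use, after validation has passed.
    echo 'accepted: ' . escapeshellarg($country) . PHP_EOL;
}
```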

Impact: