includes/configure_client.php in RaspAP 2.6.6 allows malicious users to execute commands via command injection.
raspap raspap 2.6.6