CVE-2006-4542

2006-09-05T23:04:00
ID CVE-2006-4542
Type cve
Reporter cve@mitre.org
Modified 2017-07-20T01:33:00

Description

Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. This vulnerability is addressed in the following product releases: Webmin, Webmin, 1.296 Usermin, Usermin, 1.226