Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp.
A backdoor in Webmin allows a remote attacker to execute arbitrary commands by sending a POST request for
**password_change.cgi** with a specially crafted
Upgrade to Webmin 1.930 or higher.
Versions other than 1.890 are only affected if changing of expired passwords is enabled, which is not the case by default.