1357 matches found
CVE-2023-40986
A stored cross-site scripting XSS vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field...
CVE-2001-1530
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands...
CVE-2021-31760
Webmin 1.973 is affected by Cross Site Request Forgery CSRF to achieve Remote Command Execution RCE through Webmin's running process feature...
CVE-2022-0829
Improper Authorization in GitHub repository webmin/webmin prior to 1.990...
CVE-2022-0824
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990...
Exploit for Improper Privilege Management in Webmin
CVE-2019-9624 Authenticated RCE for Webmin 1.9.0 Webmin 1.9...
CVE-2019-12840
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi...
Exploit for Generation of Error Message Containing Sensitive Information in Webmin Usermin
No d...
CVE-2025-67738
squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...
CVE-2025-67738
squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...
CVE-2025-67738
squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...
CVE-2025-67738
squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...
EUVD-2025-202665
squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...
CVE-2025-67738
squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions the "cms" security option...
CVE-2025-67738
CVE-2025-67738 affects Webmin prior to 2.600. The issue resides in squid/cachemgr.cgi where arguments are not properly quoted, applicable when Webmin’s Squid module and its Cache Manager feature are enabled and an untrusted, authenticated user holds certain Cache Manager permissions (the cms opti...
PT-2025-50582
Name of the Vulnerable Software and Affected Versions Webmin versions prior to 2.600 Description The application does not properly handle arguments within the cachemgr.cgi script when the Squid module and its Cache Manager feature are enabled. This issue arises if an unauthorized user gains acces...
Webmin 操作系统命令注入漏洞
Webmin is a set of Web-based system administration tools for use in Unix-like operating systems from the Webmin community. An operating system command injection vulnerability exists in versions of Webmin prior to 2.600, which stems from an incorrectly referenced parameter and could lead to securi...
ROS-20251113-02
The Webmin hosting control panel vulnerability involves manipulating the Host header to inject a malicious domain into a password reset email. malicious domain in a password reset link email. Exploitation of the vulnerability could allow an attacker acting remotely to intercept the password reset...
ROS-20251105-05
Vulnerability of passwordchange.cgi script of Webmin hosting control panel and web-interface for unix-like systems Usermin is related to flaws in error reporting mechanism. unix-like systems Usermin is related to a flaw in the error reporting mechanism. Exploitation of the vulnerability could all...
ROS-20251028-01
A vulnerability in the Webmin hosting control panel CGI request handler is associated with errors in processing input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code with root privileges...