Lucene search

15 matches found

RedhatCVE
added 2025/02/06 12:26 a.m. | 6 views

CVE-2022-30708

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter...

CVSS 8.8 | AI score 7.7 | EPSS 0.04705
Exploits 1 | References 1

OpenVAS
added 2022/05/18 12:0 a.m. | 15 views

Webmin <= 1.991 Privilege Escalation Vulnerability

Webmin is prone to a privilege escalation vulnerability.

CVSS 8.8 | AI score 9 | EPSS 0.04705
Exploits 1 | References 3

ATTACKERKB
added 2022/05/15 3:15 a.m. | 1 views

CVE-2022-30708

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter...

CVSS 8.8 | AI score 6.5 | EPSS 0.04705
Exploits 1 | References 9

OSV
added 2022/05/15 3:15 a.m. | 11 views

CVE-2022-30708

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter...

CVSS 8.8 | AI score 7.8
Exploits 0 | References 8

NVD
added 2022/05/15 3:15 a.m. | 8 views

CVE-2022-30708

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter...

CVSS 8.8 | EPSS 0.04705
Exploits 1 | References 8

Prion
added 2022/05/15 3:15 a.m. | 32 views

Remote code execution

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter...

CVSS 6.5 | AI score 9 | EPSS 0.04705
Exploits 1 | References 8 | Affected Software 1

CVE
added 2022/05/15 2:30 a.m. | 101 views

CVE-2022-30708

The CVE-2022-30708 issue affects Webmin up to version 1.991 when the Authentic theme is used and a manually created user exists, allowing remote code execution due to improper restriction of the file parameter in settings-editor_write.cgi. Risk posture is supported by multiple sources (Mageia MGA...

CVSS 8.8 | AI score 9 | EPSS 0.04705
Exploits 1 | References 8 | Affected Software 1

Cvelist
added 2022/05/15 2:30 a.m. | 15 views

CVE-2022-30708

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter...

CVSS 8.8 | AI score 9.2 | EPSS 0.04705
Exploits 1 | References 8

OSV
added 2022/03/07 11:10 p.m. | 7 views

MGASA-2022-0090 Updated webmin packages fix security vulnerability

Less privileged Webmin users who do not have any File Manager module restrictions configured can access files with root privileges, if using the default Authentic theme (CVE-2022-0824, CVE-2022-0829)...

CVSS 9 | AI score 8.1 | EPSS 0.92677
Exploits 14 | References 4

Mageia
added 2017/01/13 10:32 a.m. | 18 views

Updated webmin package fixes security vulnerability

The webmin package has been updated to version 1.831, fixing possible security issues in the Authentic theme fixed in 1.801 and/or 1.810, and containing several other bug fixes and enhancements. See the upstream release announcements and change log for details...

AI score 2.7
Exploits 0 | References 3

0day.today
added 2014/09/09 12:0 a.m. | 15 views

WordPress Authentic Arbitrary File Download Vulnerability

WordPress Authentic theme suffers from an arbitrary file download vulnerability. Note that this finding houses site-specific data. Exploit Title: Wordpress Authentic...

AI score 7.2
Exploits 0

Packet Storm
added 2014/09/08 12:0 a.m. | 18 views

WordPress Authentic Arbitrary File Download

Exploit Title: Wordpress Authentic Theme Arbitrary File Download Vulnerability | Google Dork: inurl:wp-content/themes/authentic | Date: 2014-09-07 | Exploi...

Exploits 0

Exploit DB
added 2014/09/08 12:0 a.m. | 25 views

WordPress Theme Authentic - 'download.php' Arbitrary File Download

source: https://www.securityfocus.com/bid/69671/info

Authentic theme for WordPress is prone to an arbitrary file-download vulnerability. An attacker can exploit this issue to download arbitrary files from the web server and obtain potentially sensitive information...

AI score 7.4
Exploits 0

Patchstack
added 2014/09/08 12:0 a.m. | 10 views

WordPress Authentic Theme - Arbitrary File Download

Authentic theme's "download.php" is prone to an arbitrary file download vulnerability. It allows an attacker to download arbitrary files from the web server and get potentially sensitive information. Solution: Update the theme...

AI score 3.9
Exploits 0 | References 1 | Affected Software 1

exploitpack
added 2014/09/08 12:0 a.m. | 17 views

WordPress Theme Authentic - download.php Arbitrary File Download

source: https://www.securityfocus.com/bid/69671/info

Authentic theme for WordPress is prone to an arbitrary file-download vulnerability. An attacker can exploit this issue to download arbitrary files from the web server and obtain...

Exploits 0