4 matches found
CVE-2018-8712
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...
Webmin 1.840 / 1.880 Local File Inclusion Vulnerability
According to its self-reported version, the Webmin install hosted on the remote host is 1.840 or 1.880. It is, therefore, affected by a local file inclusion vulnerability. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid108563; scriptversion"1.3"; scriptcvsdate"Date:...
CVE-2018-8712
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...
CVE-2018-8712
Webmin 1.840/1.880 expose a Local File Inclusion flaw due to weak default config: enabling "Can view any file as a log file" lets non-privileged users read sensitive local files (e.g., /etc/shadow) via GET /syslog/save_log.cgi?view=1&file=/etc/shadow. Root cause: default settings grant access to ...