8 matches found
CVE-2020-35606
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840...
Webmin Command Injection (CVE-2020-35606; CVE-2022-36446)
A command injection vulnerability exists in Webmin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Webmin <= 1.983 RCE Vulnerability
Webmin is prone to a remote code execution RCE vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
Webmin 1.962 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin 1.962 - Package Update Escape Bypass RCE Metasploit', 'Description' = %q This module exploits an arbitrary command execution vulnerability...
Webmin 1.962 - 'Package Updates' Escape Bypass RCE (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin 1.962 - Package Update Escape Bypass RCE Metasploit', 'Description' = %q This module exploits an arbitrary command execution vulnerability...
CVE-2020-35606
creationtimestamp| type| source ---|---|--- 2020-12-21 22:52:17+00:00| seen| https://t.me/cibsecurity/21140 2020-12-22 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/49318 2020-12-31 18:30:13+00:00| seen| https://t.me/CyberSecurityTechnologies/2350 2024-11-14 06:07:39+00:00| seen|...
CVE-2020-35606
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840...
CVE-2020-35606
CVE-2020-35606 affects Webmin 1.962 and earlier. An authenticated user in the Package Updates module can trigger arbitrary commands with root privileges via vectors involving %0A and %0C, due to an incomplete fix for CVE-2019-12840. Public references describe this as a remote command execution vu...