4 matches found
CVE-2022-30708
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created i.e., not created in Virtualmin or Cloudmin. This occurs because settings-editorwrite.cgi does not properly restrict the file parameter...
Updated webmin packages fix security vulnerability
Less privileged Webmin users excluding those created by Virtualmin and Cloudmin can modify arbitrary files with root privileges, and so run commands as root CVE-2022-30708...
CVE-2022-30708
The CVE-2022-30708 issue affects Webmin up to version 1.991 when the Authentic theme is used and a manually created user exists, allowing remote code execution due to improper restriction of the file parameter in settings-editor_write.cgi. Risk posture is supported by multiple sources (Mageia MGA...
CVE-2022-30708
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created i.e., not created in Virtualmin or Cloudmin. This occurs because settings-editorwrite.cgi does not properly restrict the file parameter...