Lucene search
+L

13 matches found

redhatcve
redhatcve
added 2025/05/22 11:11 p.m.14 views

CVE-2022-36446

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...

9.8CVSS6.6AI score0.96049EPSS
Exploits8References1
metasploit
metasploit
added 2022/08/29 6:2 p.m.528 views

Webmin Package Updates RCE

This module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager apt, yum, etc. to perform package updates and installation. Due to a lack of input sanitization, it is possibe to inject arbitrary command that will be concatenated to the...

9.8CVSS8.8AI score0.96049EPSS
Exploits8
rapid7blog
rapid7blog
added 2022/08/12 6:52 p.m.83 views

Metasploit Weekly Wrap-Up

Putting in the work! This week we’re extra grateful for the fantastic contributions our community makes to Metasploit. The Metasploit team landed more than 5 PRs each from Ron Bowes and bcoles, adding some great new capabilities. Ron Bowes contributed four new modules targeting UnRAR, Zimbra, and...

7.5CVSS0.3AI score0.98975EPSS
Exploits30
githubexploit
githubexploit
added 2022/08/11 11:47 a.m.643 views

Exploit for Improper Encoding or Escaping of Output in Webmin

A Python script to exploit CVE-202...

9.8CVSS9.8AI score0.96049EPSS
Exploits8
zdt
zdt
added 2022/08/01 12:0 a.m.549 views

Webmin 1.996 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html Version: 1.997...

9.8CVSS0.96049EPSS
Exploits8
exploitdb
exploitdb
added 2022/08/01 12:0 a.m.728 views

Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Date: 2022-07-25 Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html...

9.8CVSS9.6AI score0.96049EPSS
Exploits8
packetstorm
packetstorm
added 2022/08/01 12:0 a.m.330 views

Webmin 1.996 Remote Code Execution

Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Date: 2022-07-25 Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html...

9.6AI score0.96049EPSS
Exploits8
circl
circl
added 2022/07/25 12:32 p.m.12 views

CVE-2022-36446

creationtimestamp| type| source ---|---|--- 2022-07-25 12:32:52+00:00| seen| https://t.me/cibsecurity/46883 2022-08-09 20:35:21+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/webminpackageupdatesrce.rb 2022-08-11 16:14:53+00:00|...

9.8CVSS7AI score0.96049EPSS
Exploits8References13
nvd
nvd
added 2022/07/25 6:15 a.m.22 views

CVE-2022-36446

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...

9.8CVSS0.96049EPSS
Exploits8References6
attackerkb
attackerkb
added 2022/07/25 6:15 a.m.3 views

CVE-2022-36446

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...

9.8CVSS8.7AI score0.96049EPSS
Exploits8References9
cve
cve
added 2022/07/25 5:56 a.m.337 views

CVE-2022-36446

CVE-2022-36446 : Webmin versions before 1.997 are vulnerable to an authenticated remote code execution via software/apt-lib.pl which fails to HTML-escape a UI command, enabling an OS command injection when updating packages. Exploitation requires access to the Software Package Updates module and ...

9.8CVSS9.2AI score0.96049EPSS
Exploits8References6Affected Software1
osv
osv
added 2022/07/25 5:56 a.m.30 views

CVE-2022-36446

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...

9.8CVSS6.5AI score0.96049EPSS
Exploits8References8
checkpoint_advisories
checkpoint_advisories
added 2021/01/20 12:0 a.m.58 views

Webmin Command Injection (CVE-2020-35606; CVE-2022-36446)

A command injection vulnerability exists in Webmin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5.6AI score0.96049EPSS
Exploits10
Rows per page
Query Builder