13 matches found
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...
Webmin Package Updates RCE
This module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager apt, yum, etc. to perform package updates and installation. Due to a lack of input sanitization, it is possibe to inject arbitrary command that will be concatenated to the...
Metasploit Weekly Wrap-Up
Putting in the work! This week we’re extra grateful for the fantastic contributions our community makes to Metasploit. The Metasploit team landed more than 5 PRs each from Ron Bowes and bcoles, adding some great new capabilities. Ron Bowes contributed four new modules targeting UnRAR, Zimbra, and...
Exploit for Improper Encoding or Escaping of Output in Webmin
A Python script to exploit CVE-202...
Webmin 1.996 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html Version: 1.997...
Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Date: 2022-07-25 Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html...
Webmin 1.996 Remote Code Execution
Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Date: 2022-07-25 Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html...
CVE-2022-36446
creationtimestamp| type| source ---|---|--- 2022-07-25 12:32:52+00:00| seen| https://t.me/cibsecurity/46883 2022-08-09 20:35:21+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/webminpackageupdatesrce.rb 2022-08-11 16:14:53+00:00|...
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...
CVE-2022-36446
CVE-2022-36446 : Webmin versions before 1.997 are vulnerable to an authenticated remote code execution via software/apt-lib.pl which fails to HTML-escape a UI command, enabling an OS command injection when updating packages. Exploitation requires access to the Software Package Updates module and ...
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...
Webmin Command Injection (CVE-2020-35606; CVE-2022-36446)
A command injection vulnerability exists in Webmin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...