5 matches found
CVE-2019-12840
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi...
CVE-2020-35606
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840...
Webmin Package Updates Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin Package Updates RCE', 'Description' = %q This module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin use...
CVE-2020-35606
CVE-2020-35606 affects Webmin 1.962 and earlier. An authenticated user in the Package Updates module can trigger arbitrary commands with root privileges via vectors involving %0A and %0C, due to an incomplete fix for CVE-2019-12840. Public references describe this as a remote command execution vu...
CVE-2020-35606
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840...