9 matches found
Webmin < 1.920 - Authenticated Remote Code Execution
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...
CVE-2026-2686
A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclose...
CVE-2026-2686 SECCN Dingcheng G10 session_login.cgi qq os command injection
A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclose...
SECCN Dingcheng G10 Operating System Command Injection Vulnerability
SECCN Dingcheng G10 is an industrial-grade edge computing gateway developed by SECCN Technology. Version 3.1.0.181203 of SECCN Dingcheng G10 contains a vulnerability related to operating system command injection. This vulnerability arises from incorrect handling of the parameter “User” in the fil...
ROS-20240917-06
A flaw in the session_login.cgi script of the Webmin hosting control panel and the Usermin web interface for Unix-like systems exists due to a failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a...
CVE-2024-36453
Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a...
CVE-2024-36453
CVE-2024-36453 is a cross-site scripting vulnerability in Webmin’s session_login.cgi affecting Webmin before 1.970 and Usermin before 1.820. Exploitation can cause arbitrary JavaScript execution in the victim’s browser, potentially altering pages or exposing credentials. Red Hat and OSV/other fee...
Webmin Security Vulnerabilities
Webmin is a set of Web-based system administration tools for use in Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin versions prior to 1.970 and Usermin versions prior to 1.820, which stems from a cross-site scripting vulnerability in sessionlogin.c...
Usermin 1.820 Remote Code Execution
Title: Usermin 1.820 - Remote Code Execution RCE Authenticated Date: 27.08.2021 Author: Numan Türle Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: =1820 https://www.youtube.com/watch?v=wiRIWFAhz24 !/usr/bin/python3 -- coding: utf-8 -...