10 matches found
ROS-20240917-05
A vulnerability in the sysinfo.cgi script of the Webmin hosting control panel exists due to a failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow a remote attacker to execute an arbitrary script...
The vulnerability of the sysinfo.cgi script implemented in the Webmin hosting control panel allows a hacker to execute arbitrary scripts.
The vulnerability in the sysinfo.cgi script of the Webmin hosting panel exists because measures are not taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts remotely...
CVE-2024-36450
Webmin is affected by CVE-2024-36450 due to a cross-site scripting flaw in sysinfo.cgi present in Webmin versions prior to 1.910. Exploitation can cause arbitrary scripts to run in the victim’s browser, with potential session ID exposure, webpage alteration, or server disruption. The vulnerabilit...
Webmin Security Vulnerabilities
Webmin is a set of Web-based system administration tools for use in Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin versions prior to 1.910, which stems from a cross-site scripting vulnerability in sysinfo.cgi...
PT-2024-5589 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin versions prior to 1.910 Description: A cross-site scripting vulnerability exists in the sysinfo.cgi of Webmin. If this issue is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website usin...
Code injection
Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php...
CVE-2006-1831
Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php...
Design/Logic Flaw
sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action...
CVE-2006-1831
Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php...
SysInfo 1.21 (sysinfo.cgi) Remote Command Execution Exploit
Exploit for cgi platform in category web applications =========================================================== SysInfo 1.21 sysinfo.cgi Remote Command Execution Exploit =========================================================== !/usr/bin/php -q -d shortopentag=on ? echo "sysinfo.cgi 1.21 remo...