Lucene search

Webmin

11 matches found

CVE | added 2022/07/25 6:15 a.m. | 302 views

CVE-2022-36446

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

CVSS 9.8 | AI score 9.2 | EPSS 0.93797
Web
CVE | added 2019/06/15 8:29 p.m. | 223 views

CVE-2019-12840

In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.

CVSS 9 | AI score 8.8 | EPSS 0.8826
Web
CVE | added 2022/03/02 12:15 p.m. | 211 views

CVE-2022-0824

Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.

CVSS 9 | AI score 8.8 | EPSS 0.94003
Web
CVE | added 2021/04/25 7:15 p.m. | 111 views

CVE-2021-31761

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.

CVSS 9.6 | AI score 8.9 | EPSS 0.81918
Web
CVE | added 2024/12/30 5:15 p.m. | 104 views

CVE-2024-12828

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The iss...

CVSS 9.9 | AI score 9.9 | EPSS 0.01774
CVE | added 2020/12/21 8:15 p.m. | 93 views

CVE-2020-35606

Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.

CVSS 9 | AI score 9 | EPSS 0.8826
CVE | added 2020/12/29 6:15 a.m. | 86 views

CVE-2020-35769

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.

CVSS 9.8 | AI score 9.4 | EPSS 0.00433
CVE | added 2018/03/14 7:29 p.m. | 77 views

CVE-2018-8712

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data fro...

CVSS 9.8 | AI score 8.8 | EPSS 0.0083
Web
CVE | added 2022/04/11 6:15 a.m. | 67 views

CVE-2021-32157

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.

CVSS 9.6 | AI score 7.9 | EPSS 0.25282
CVE | added 2007/10/29 7:0 p.m. | 50 views

CVE-2002-2360

The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.

CVSS 9.3 | AI score 7.6 | EPSS 0.03413
CVE | added 2007/09/24 11:17 p.m. | 48 views

CVE-2007-5066

Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.

CVSS 9 | AI score 7.1 | EPSS 0.0122