Описание
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-12840
- https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html
- https://www.exploit-db.com/exploits/46984
- http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html
- http://www.securityfocus.com/bid/108790
EPSS
Процентиль: 100%
0.89819
Высокий
CVE ID
Связанные уязвимости
CVSS3: 8.8
nvd
больше 6 лет назад
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVSS3: 8.8
debian
больше 6 лет назад
In Webmin through 1.910, any user authorized to the "Package Updates" ...
EPSS
Процентиль: 100%
0.89819
Высокий