CVE-2019-12840

Опубликовано: 15 июн. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Высокий

Описание

In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.

Ссылки

http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html
http://www.securityfocus.com/bid/108790
https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/46984
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html
http://www.securityfocus.com/bid/108790
https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/46984
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*

Версия до 1.910 (включая)

EPSS

Процентиль: 100%

0.89819

Высокий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

CVE-2019-12840

CVSS3: 8.8

debian

больше 6 лет назад

In Webmin through 1.910, any user authorized to the "Package Updates" ...

GHSA-gcq8-ggwj-2xvv

github

больше 3 лет назад