Описание
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Product
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 1.962 (включая)
cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.78779
Высокий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8.8
debian
около 5 лет назад
Arbitrary command execution can occur in Webmin through 1.962. Any use ...
CVSS3: 8.8
github
больше 3 лет назад
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
EPSS
Процентиль: 99%
0.78779
Высокий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78