Описание
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.991 (включая)
cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05421
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.8
debian
больше 3 лет назад
Webmin through 1.991, when the Authentic theme is used, allows remote ...
CVSS3: 8.8
github
больше 3 лет назад
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
EPSS
Процентиль: 90%
0.05421
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo