Описание
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
Ссылки на источники
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execu ...
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3