Filtered by vendor Webmin
Total: 11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30708 | 1 Webmin | 1 Webmin | 2022-05-24 | 6.5 MEDIUM | 8.8 HIGH |
| Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. | |||||
| CVE-2022-0829 | 1 Webmin | 1 Webmin | 2022-05-13 | 5.5 MEDIUM | 8.1 HIGH |
| Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | |||||
| CVE-2022-0824 | 1 Webmin | 1 Webmin | 2022-05-13 | 9.0 HIGH | 8.8 HIGH |
| Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | |||||
| CVE-2020-35606 | 1 Webmin | 1 Webmin | 2022-04-26 | 9.0 HIGH | 8.8 HIGH |
| Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840. | |||||
| CVE-2021-31762 | 1 Webmin | 1 Webmin | 2021-12-08 | 6.8 MEDIUM | 8.8 HIGH |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. | |||||
| CVE-2021-31760 | 1 Webmin | 1 Webmin | 2021-04-28 | 6.8 MEDIUM | 8.8 HIGH |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. | |||||
| CVE-2019-9624 | 1 Webmin | 1 Webmin | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI. | |||||
| CVE-2019-12840 | 1 Webmin | 1 Webmin | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi. | |||||
| CVE-2019-15642 | 1 Webmin | 1 Webmin | 2019-09-04 | 6.5 MEDIUM | 8.8 HIGH |
| rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users." | |||||
| CVE-2017-15644 | 1 Webmin | 1 Webmin | 2017-11-07 | 5.0 MEDIUM | 8.6 HIGH |
| SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | |||||
| CVE-2017-15645 | 1 Webmin | 1 Webmin | 2017-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker can execute arbitrary commands. | |||||
