CVE-2015-2079

Exploit

EPSS 0.72%
Published 28.04.2025 00:00:00
Last modified 14.05.2025 18:59:44
Source cve@mitre.org
Teams watchlist Login
Open Login

Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Webmin ≫ Usermin Version >= 0.980 < 1.660

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.72%	0.717

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve@mitre.org	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.

https://code-white.com/public-vulnerability-list/

Third Party Advisory

https://code-white.com/blog/2015-05-cve-2015-2079-rce-usermin/

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2015-2079

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-2079

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-2079

EUVD