8.8

CVE-2021-31760

Exploit
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WebminWebmin Version1.973
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.52% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://github.com/Mesh3l911/CVE-2021-31760
Third Party Advisory
https://github.com/electronicbots/CVE-2021-31760
Third Party Advisory
https://github.com/webmin/webmin
Third Party Advisory
https://youtu.be/D45FN8QrzDo
Third Party Advisory
Exploit