8.8

CVE-2021-31762

Exploit
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WebminWebmin Version1.973
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.78% 0.945
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://github.com/webmin/webmin
Third Party Advisory
Product
http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html
Third Party Advisory
Exploit
VDB Entry
https://github.com/Mesh3l911/CVE-2021-31762
Third Party Advisory
Exploit
https://github.com/electronicbots/CVE-2021-31762
Third Party Advisory
Exploit
https://youtu.be/qCvEXwyaF5U
Third Party Advisory
Exploit