CVE-2020-8821
- EPSS 82.15%
- Veröffentlicht 12.10.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:39:30
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTM...
CVE-2020-8820
- EPSS 0.57%
- Veröffentlicht 12.10.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:39:30
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload wil...
CVE-2020-12670
- EPSS 0.69%
- Veröffentlicht 12.10.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:00:02
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View functi...
CVE-2019-15642
- EPSS 38.04%
- Veröffentlicht 26.08.2019 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:29:11
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify an...
CVE-2019-15641
- EPSS 1.45%
- Veröffentlicht 26.08.2019 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:29:10
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.
- EPSS 99.77%
- Veröffentlicht 16.08.2019 03:15:11
- Zuletzt bearbeitet 06.11.2025 16:50:47
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
- EPSS 77.81%
- Veröffentlicht 15.06.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:23:41
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2018-19191
- EPSS 39.07%
- Veröffentlicht 21.03.2019 16:00:30
- Zuletzt bearbeitet 21.11.2024 03:57:30
Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter.
CVE-2019-9624
- EPSS 23.69%
- Veröffentlicht 07.03.2019 05:29:01
- Zuletzt bearbeitet 21.11.2024 04:51:59
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
CVE-2018-8712
- EPSS 1.83%
- Veröffentlicht 14.03.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:14:11
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system fi...