Vulmon
webmin webmin vulnerabilities and exploits
8.8
CVSSv3
CVE-2017-15645
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, a malicious user can execute arbitrary commands.
Webmin Webmin
1 EDB exploit
6.1
CVSSv3
CVE-2020-12670
XSS exists in Webmin 1.941 and previous versions affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes ...
Webmin Webmin
6.1
CVSSv3
CVE-2017-9313
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin prior to 1.850 allow remote malicious users to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: the...
Webmin Webmin
9.8
CVSSv3
CVE-2019-15107
An issue exists in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Webmin Webmin
1 EDB exploit
48 Github repositories
1 Article
8.8
CVSSv3
CVE-2019-15642
rpc.cgi in Webmin up to and including 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a s...
Webmin Webmin
1 Github repository
8.8
CVSSv3
CVE-2022-0824
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin before 1.990.
Webmin Webmin
6 Github repositories
8.6
CVSSv3
CVE-2017-15644
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
Webmin Webmin
1 EDB exploit
6.1
CVSSv3
CVE-2017-15646
Webmin prior to 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file downloa...
Webmin Webmin
1 EDB exploit
NA
CVE-2002-2201
The Printer Administration module for Webmin 0.990 and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in the printer name.
Webmin Webmin
9.8
CVSSv3
CVE-2022-36446
software/apt-lib.pl in Webmin prior to 1.997 lacks HTML escaping for a UI command.
Webmin Webmin
4 Github repositories