Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webmin vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-15642
rpc.cgi in Webmin up to and including 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a s...
Webmin Webmin
1 Github repository
6.5
CVSSv2
CVE-2022-30708
Webmin up to and including 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
Webmin Webmin
9
CVSSv2
CVE-2022-0824
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin before 1.990.
Webmin Webmin
6 Github repositories
5.5
CVSSv2
CVE-2022-0829
Improper Authorization in GitHub repository webmin/webmin before 1.990.
Webmin Webmin
4 Github repositories
NA
CVE-2023-43309
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows malicious users to run malicious scripts by injecting a specially crafted payload.
Webmin Webmin
NA
CVE-2022-36446
software/apt-lib.pl in Webmin prior to 1.997 lacks HTML escaping for a UI command.
Webmin Webmin
4 Github repositories
10
CVSSv2
CVE-2001-1196
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows malicious users to gain privileges via a '..' (dot dot) in the argument.
Webmin Webmin 0.91
1 EDB exploit
5
CVSSv2
CVE-2004-0582
Unknown vulnerability in Webmin 1.140 allows remote malicious users to bypass access control rules and gain read access to configuration information for a module.
Webmin Webmin 1.1.40
1.2
CVSSv2
CVE-2001-0222
webmin 0.84 and previous versions allows local users to overwrite and create arbitrary files via a symlink attack.
Webmin Webmin 0.83
3.5
CVSSv2
CVE-2018-19191
Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter.
Webmin Webmin 1.890
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »