Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webmin webmin vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-12840
In Webmin up to and including 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Webmin Webmin
12 Github repositories
8.8
CVSSv3
CVE-2020-35606
Arbitrary command execution can occur in Webmin up to and including 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-1...
Webmin Webmin
4 Github repositories
8.8
CVSSv3
CVE-2017-15645
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an malicious user to execute arbitrary commands.
Webmin Webmin
1 EDB exploit
6.1
CVSSv3
CVE-2017-15646
Webmin prior to 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file downloa...
Webmin Webmin
1 EDB exploit
8.6
CVSSv3
CVE-2017-15644
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
Webmin Webmin
1 EDB exploit
NA
CVE-2002-2201
The Printer Administration module for Webmin 0.990 and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in the printer name.
Webmin Webmin
6.1
CVSSv3
CVE-2020-12670
XSS exists in Webmin 1.941 and previous versions affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes ...
Webmin Webmin
6.1
CVSSv3
CVE-2017-9313
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin prior to 1.850 allow remote malicious users to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: the...
Webmin Webmin
6.1
CVSSv3
CVE-2017-2106
Multiple cross-site scripting vulnerabilities in Webmin versions before 1.830 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Webmin Webmin
NA
CVE-2007-5066
Unspecified vulnerability in Webmin prior to 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
Webmin Webmin
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »