CVE-2006-4542

Published: 05/09/2006 Updated: 20/07/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Webmin prior to 1.296 and Usermin prior to 1.226 do not properly handle a URL with a null ("%00") character, which allows remote malicious users to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.

Affected Products

Vendor | Product | Versions
Usermin | Usermin | 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.91, 0.92, 0.93, 0.94, 0.95, 0.96, 0.97, 0.98, 0.99, 1.000, 1.010, 1.020, 1.030, 1.040, 1.051, 1.060, 1.070, 1.080, 1.090, 1.100, 1.110, 1.120, 1.130, 1.140, 1.150, 1.210, 1.220
Webmin | Webmin | 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.21, 0.22, 0.31, 0.41, 0.42, 0.51, 0.76, 0.77, 0.78, 0.79, 0.80, 0.83, 0.84, 0.85, 0.88, 0.90, 0.91, 0.92, 0.92.1, 0.93, 0.94, 0.95, 0.96, 0.97, 0.98, 0.99, 1.0.00, 1.0.10, 1.0.20, 1.0.30, 1.0.40, 1.0.50, 1.0.51, 1.0.60, 1.0.70, 1.0.80, 1.0.90, 1.1.00, 1.1.10, 1.1.20, 1.1.21, 1.1.30, 1.1.40, 1.1.50, 1.2.20, 1.2.30, 1.2.40, 1.2.50, 1.2.60, 1.2.70, 1.2.80, 1.2.90

Vendor Advisories

Several vulnerabilities have been identified in webmin, a web-based administration toolkit. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2005-3912: A format string vulnerability in miniserv.pl could allow an attacker to cause a denial of service by crashing the application or exhausting system re ...