In Webmin up to and including 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webmin webmin |