An issue exists in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webmin webmin |
Flawed code traced to home build system, vulnerability can be attacked in certain configs Webmin hole allows attackers to wipe servers clean
Updated The maintainers of Webmin – an open-source application for system-administration tasks on Unix-flavored systems – have released Webmin version 1.930 and the related Usermin version 1.780 to patch a vulnerability that can be exploited to achieve remote code execution in certain configurations. Joe Cooper, one of the contributing developers, announced the patch in a blog post over the weekend. "This release addresses CVE-2019-15107, which was disclosed earlier today," Cooper said. "We ...