Vulnerabilities for webmin 1.995 and usermin 1.850
Usermin
Vulnerabilities for usermin 1850 and prior
Code Execution 1 - CVE-2022-35132
Type: Authenticated code execution
A authenticated user can execute commands using the GPG module This is useful if the shell module has been restricted for that user
Vulnerability:
importcgi line 24 executes unsanitized user input
$out = `$gpgpath --import '$in{'file'}