CVE-2012-2982

Name of the Vulnerable Software and Affected Versions Webmin versions 1.590 and earlier

Description The issue allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname. This can be achieved by using a | (pipe) character in the file/show.cgi endpoint.

Recommendations For Webmin versions 1.590 and earlier, consider restricting access to the file/show.cgi endpoint until a patch is available. As a temporary workaround, avoid using invalid characters, such as the | (pipe) character, in pathnames to minimize the risk of exploitation.