PT-2019-12979 · Webmin · Webmin
Akkus
+1
·
Publicado
2019-06-15
·
Atualizado
2020-12-29
·
CVE-2019-12840
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Webmin versions prior to 1.910
Description
The issue allows any user authorized to the "Package Updates" module to execute arbitrary commands with root privileges. This is achieved via the
data parameter to the "update.cgi" endpoint.Recommendations
For versions prior to 1.910, update to version 1.910 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Package Updates" module to minimize the risk of exploitation.
Exploit
Correção
OS Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Webmin