CVE-2019-9624

Name of the Vulnerable Software and Affected Versions Webmin version 1.900

Description The issue is related to insufficient access control in the Webmin control panel, allowing remote attackers to execute arbitrary code. This can be achieved by uploading a crafted .cgi file via the "/updown/upload.cgi" API endpoint, leveraging the "Java file manager" and "Upload and Download" privileges.

Recommendations For Webmin version 1.900, consider disabling the upload functionality via the /updown/upload.cgi API endpoint as a temporary workaround until a patch is available. Restrict access to the "Java file manager" and "Upload and Download" privileges to minimize the risk of exploitation.