CVE-2017-15645

Name of the Vulnerable Software and Affected Versions Webmin version 1.850

Description A CSRF issue exists, allowing an attacker to execute arbitrary commands by sending a GET request to the "at/create job.cgi" endpoint with specific parameters in the URI, such as dir=/ and cmd=.

Recommendations For Webmin version 1.850, as a temporary workaround, consider restricting access to the "at/create job.cgi" endpoint until a patch is available. Avoid using the dir and cmd parameters in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.