PT-2019-14314 · Webmin · Webmin

Loïc · Published 2019-08-26 · Updated 2019-09-04 · CVE-2019-15642

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Webmin versions prior to 1.920

Description

The issue allows authenticated remote code execution via a crafted object name, because the unserialise_variable function makes an eval call on it. RPC can be used to run any command or modify any file on a server, which is why access to it should be restricted to trusted Webmin users.

Recommendations

For versions prior to 1.920, update to version 1.920 or later to resolve the issue. As a temporary workaround, consider restricting access to the RPC functionality to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2019-15642

Affected Products

Webmin