PT-2019-2989 · Webmin · Webmin

Akkus +1 · Published 2019-08-16 · Updated 2025-07-24 · CVE-2019-15107

CVSS v2.0: 10 (Critical), AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Webmin versions 1.882 through 1.921

Description

A command injection vulnerability exists in the password_change.cgi component of Webmin, in the "old" parameter. A remote attacker can execute arbitrary code on the target system by sending a malicious POST request. Exploitation may allow the attacker to gain access to the system with root privileges.

Recommendations

For Webmin versions 1.882 through 1.921, update to a version later than 1.921 to resolve the issue. As a temporary workaround, consider restricting access to the password_change.cgi component to minimize the risk of exploitation. Avoid using the "old" parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2019-02968
CVE-2019-15107
MGASA-2019-0237

Affected Products

Webmin