PT-2020-17359 · Webmin · Webmin
Published: 2020-12-21 · Updated: 2022-04-26
CVE-2020-35606
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Webmin versions prior to 1.963
Description
Arbitrary command execution can occur due to an incomplete fix for a previous issue. This allows any user authorized for the Package Updates module to execute arbitrary commands with root privileges via specific vectors involving %0A and %0C.
Recommendations
For versions prior to 1.963, update to version 1.963 or later to resolve the issue. As a temporary workaround, consider restricting access to the Package Updates module to minimize the risk of exploitation.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Webmin