CVSS: 9.0EPSS: 97%CPEs: 1EXPL: 8CVE-2022-0824 – Improper Access Control to Remote Code Execution in webmin/webmin
https://notcve.org/view.php?id=CVE-2022-0824
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. Un Control de Acceso Inapropiado para una Ejecución de Código Remota en el repositorio de GitHub webmin/webmin versiones anteriores a 1.990 • https://www.exploit-db.com/exploits/50809 https://github.com/faisalfs10x/Webmin-CVE-2022-0824-revshell https://github.com/pizza-power/golang-webmin-CVE-2022-0824-revshell https://github.com/honypot/CVE-2022-0824 http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38 https://huntr.dev/bounties/d0049a96-de • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35769
https://notcve.org/view.php?id=CVE-2020-35769
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program. El archivo miniserv.pl en Webmin versión 1.962 en Windows, maneja inapropiadamente unos caracteres especiales en los argumentos de consulta para el programa CGI • https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6 https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220 •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 3CVE-2020-35606 – Webmin 1.962 - 'Package Updates' Escape Bypass RCE
https://notcve.org/view.php?id=CVE-2020-35606
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840. Una ejecución de comandos arbitraria puede ocurrir en Webmin versiones hasta 1.962. Cualquier usuario autorizado para el módulo Package Updates puede ejecutar comandos arbitrarios con privilegios root por medio de vectores que involucran %0A y %0C. • https://www.exploit-db.com/exploits/49318 http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html https://www.webmin.com/download.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •