CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 3CVE-2022-30708
https://notcve.org/view.php?id=CVE-2022-30708
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. Webmin versiones hasta 1.991, cuando es usado el tema Authentic, permite una ejecución de código remota cuando un usuario ha sido creado manualmente (es decir, no ha sido creado en Virtualmin o Cloudmin). Esto ocurre porque settings-editor_write.cgi no restringe apropiadamente el parámetro de archivo • https://github.com/esp0xdeadbeef/rce_webmin https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py https://github.com/webmin/authentic-theme/releases https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d https://github.com/webmin/webmin/issues/1635 https://github.com/webmin/webmin/releases https://webmin.com/changes.html https://www.twitch.tv/videos/1483029790 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32162
https://notcve.org/view.php?id=CVE-2021-32162
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. Se presenta una vulnerabilidad de tipo Cross-site request forgery (CSRF) en Webmin versión 1.973, mediante la funcionalidad File Manager • https://github.com/Mesh3l911/CVE-2021-32162 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32161
https://notcve.org/view.php?id=CVE-2021-32161
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin versión 1.973 mediante la función File Manager • https://github.com/Mesh3l911/CVE-2021-32161 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32160
https://notcve.org/view.php?id=CVE-2021-32160
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin versión 1.973, mediante la funcionalidad Add Users • https://github.com/Mesh3l911/CVE-2021-32160 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32159
https://notcve.org/view.php?id=CVE-2021-32159
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. Se presenta una vulnerabilidad de tipo Cross-site request forgery (CSRF) en Webmin versión 1.973, por medio de la funcionalidad Upload and Download • https://github.com/Mesh3l911/CVE-2021-32159 • CWE-352: Cross-Site Request Forgery (CSRF) •