CVE-2017-15645
Webmin 1.850 - Multiple Vulnerabilities
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands.
Existe CSRF en Webmin 1.850. Enviando una peticiĆ³n GET a at/create_job.cgi que contenga dir=/cmd= en la URI, un atacante puede ejecutar comandos arbitrarios.
Webmin version 1.850 suffers from server side request forgery, cross site request forgery, and cross site scripting vulnerabilities, the last of which can lead to remote command execution.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-10-15 First Exploit
- 2017-10-16 CVE Published
- 2017-10-19 CVE Reserved
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/42989 | 2017-10-15 | |
| https://blogs.securiteam.com/index.php/archives/3430 | 2024-09-16 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | 2017-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.webmin.com/changes.html | 2017-11-07 | |
| http://www.webmin.com/security.html | 2017-11-07 |