CVSS Base Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Detection Type: exploit
Solution Type: Vendor Patch
Summary: Webmin is prone to a remote code execution (RCE) vulnerability.
Detection Method: Checks if a vulnerable version is present on the target host.
Technical Details: The parameter old in password_change.cgi contains a command injection
vulnerability. The password change module has to be enabled to be exploitable.
Impact: Successful exploitation would allow an authorized attacker to gain
control over the target system.
Affected Versions: Webmin versions 1.882 to 1.921.
Recommendations: Update to version 1.930 or later.
Web application abuses
Mageni can help you to find out if you have this or more vulnerabilities exposing you to hackers, ransomware and malware: Download Mageni's Free Edition
WordPress Admin Columns plugin <= 3.4.6 CSV Injection Vulnerability
HP Printers Multiple Vulnerabilities (HPSBPI03630)
Debian LTS Advisory ([SECURITY] [DLA 1986-1] ruby-haml security update)
Debian LTS Advisory ([SECURITY] [DLA 1987-1] firefox-esr security update)
Debian LTS Advisory ([SECURITY] [DLA 1984-1] gdal security update)
Avast Antivirus <= 19.3.2369 XSS Vulnerability (Windows)
AVG Antivirus <= 19.3.3084 XSS Vulnerability (Windows)
Debian LTS Advisory ([SECURITY] [DLA 1985-1] djvulibre security update)
Debian Security Advisory DSA 4561-1 (fribidi - security update)
Forcepoint Email Security Detection (HTTP)
Mageni provides a free vulnerability scanning and management platform which helps you need to find, prioritize, remediate and manage your vulnerabilities.