Webmin is a web-based Unix system administration interface. You can set up user accounts, Apache, DNS, file sharing, and much more using any current web browser.An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.main reason for command injection attack is poor input validation.
We suggest that you update Webmin to a version greater than 6.4.3 in order to fix this vulnerability.