Webmin less than or equal to 1.920 Unauthenticated Remote Command Execution

OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C5 CAPEC-88 CWE-78 HIPAA-78 ISO 27001-A.14.2.5 WASC-31 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-11

Webmin is a web-based Unix system administration interface. You can set up user accounts, Apache, DNS, file sharing, and much more using any current web browser. An issue was discovered in Webmin <=1.920: the parameter old in password_change.cgi contains a command injection vulnerability. The main reason for command injection attacks is poor input validation.
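The input-validation point above, as an added example that is not Webmin's code and not part of the original advisory: a constructed handler passes an old-password form value to an external helper, first through a shell command string and then as a validated argv element. The function names, MAX_LEN, the probe string and the use of echo as a stand-in helper are assumptions made for illustration.

```python
import subprocess

MAX_LEN = 256  # constructed limit for this example, not a Webmin setting


def verify_old_unsafe(old: str) -> str:
    """Weak pattern: the form value is interpolated into a shell command line."""
    # `echo` stands in for an external password-checking helper (assumption).
    result = subprocess.run(f"echo verify {old}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def validate_old(old: str) -> str:
    """Reject values no password field should carry.

    Passwords may legitimately contain shell metacharacters, so validation
    checks length and control characters instead of stripping symbols.
    """
    if not old or len(old) > MAX_LEN:
        raise ValueError("old password empty or too long")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in old):
        raise ValueError("control character in old password")
    return old


def verify_old_hardened(old: str) -> str:
    """The validated value is a single argv element; no shell ever parses it."""
    result = subprocess.run(["echo", "verify", validate_old(old)],
                            capture_output=True, text=True, check=True)
    return result.stdout


# Constructed probe: a harmless marker shows whether a shell interpreted the value.
PROBE = "x; echo SHELL_INTERPRETED_INPUT"

if __name__ == "__main__":
    # Two output lines: the shell split the value and ran its second half.
    print("unsafe  :", verify_old_unsafe(PROBE).splitlines())
    # One output line: the whole value reached the helper as inert data.
    print("hardened:", verify_old_hardened(PROBE).splitlines())
```

In a real service the secret would normally be handed to the helper over stdin instead of argv, since command-line arguments are visible in the process list.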

Recommendations

We suggest that you update Webmin to a version greater than 6.4.3 in order to fix this vulnerability.



