Webmin less than or equal to 1.920 Unauthenticated Remote Command Execution

By
Anandhu K A
Published on
20 Dec 2021

Webmin is a web-based Unix system administration interface. You can set up user accounts, Apache, DNS, file sharing, and much more using any current web browser. An issue was discovered in Webmin <= 1.920: the parameter old in password_change.cgi contains a command injection vulnerability. The main reason for command injection attacks is poor input validation.
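For defenders who log request bodies at a reverse proxy in front of Webmin, the following added example (not code from Webmin or from the original article) flags POSTs to password_change.cgi whose old field contains shell metacharacters after URL-decoding. The JSON-lines log format, the other form field names, and all sample records are constructed assumptions.

```python
import json
from urllib.parse import parse_qs

# Characters a POSIX shell treats specially. Real passwords can contain them,
# so a hit is a lead for triage, not proof of exploitation.
SHELL_META = set("|;&$`()<>\n\r")
TARGET = "/password_change.cgi"

# Constructed records in a hypothetical JSON-lines proxy log; not real traffic.
SAMPLE_LOG = "\n".join([
    '{"src": "198.51.100.7", "method": "POST", "path": "/password_change.cgi",'
    ' "body": "user=alice&old=Summer2021&new1=Winter2021&new2=Winter2021"}',
    '{"src": "203.0.113.9", "method": "POST", "path": "/password_change.cgi",'
    ' "body": "user=alice&old=x%3Becho+CONSTRUCTED&new1=a&new2=a"}',
    '{"src": "203.0.113.9", "method": "GET", "path": "/session_login.cgi",'
    ' "body": ""}',
    '{"src": "192.0.2.44", "method": "POST", "path": "//password_change.cgi?x=1",'
    ' "body": "old=a%0Ab"}',
])


def suspicious_old_values(log_text):
    """Return (src, decoded old value) for POSTs to password_change.cgi whose
    'old' field contains a shell metacharacter after URL-decoding."""
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        if not isinstance(rec, dict) or str(rec.get("method", "")).upper() != "POST":
            continue
        # Drop the query string and collapse repeated slashes before matching.
        path = str(rec.get("path", "")).split("?", 1)[0]
        path = "/" + "/".join(part for part in path.split("/") if part)
        if not path.endswith(TARGET):
            continue
        fields = parse_qs(str(rec.get("body", "")), keep_blank_values=True)
        for value in fields.get("old", []):
            if SHELL_META & set(value):
                hits.append((rec.get("src", "?"), value))
    return hits


if __name__ == "__main__":
    for src, value in suspicious_old_values(SAMPLE_LOG):
        print(f"{src}: suspicious old={value!r}")
```

The password change page is reachable without a session, so any hit from an address that never logged in deserves a closer look at what the host executed around that time.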

Recommendations

We suggest that you update Webmin to a version greater than 6.4.3 in order to fix this vulnerability.


Written by
Anandhu K A
Lead Engineer