Webmin less than or equal to 1.920 Unauthenticated Remote Command Execution

By
Anandhu K A
Published on
20 Dec 2021
Vulnerability

Webmin is a web-based Unix system administration interface. You can set up user accounts, Apache, DNS, file sharing, and much more using any current web browser.An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.main reason for command injection attack is poor input validation.

Recommendations

We suggest that you update Webmin to a version greater than 6.4.3 in order to fix this vulnerability.

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Anandhu K A
Anandhu K A
Lead Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.