| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-15107 | 10.0 |
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
|
28-02-2023 - 15:23 | 16-08-2019 - 03:15 | |
| CVE-2019-15231 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15107. Reason: This candidate is a duplicate of CVE-2019-15107. Notes: All CVE users should reference CVE-2019-15107 instead of this candidate. All references and descriptions in thi
|
22-08-2019 - 19:15 | 20-08-2019 - 00:15 | |
| CVE-2017-15646 | 4.3 |
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file
|
08-11-2017 - 18:19 | 19-10-2017 - 22:29 | |
| CVE-2017-15644 | 5.0 |
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
|
07-11-2017 - 20:34 | 19-10-2017 - 22:29 | |
| CVE-2017-15645 | 6.8 |
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands.
|
07-11-2017 - 20:28 | 19-10-2017 - 22:29 |