Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-15646 | 4.3 |
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file
|
08-11-2017 - 18:19 | 19-10-2017 - 22:29 | |
CVE-2017-15644 | 5.0 |
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
|
07-11-2017 - 20:34 | 19-10-2017 - 22:29 | |
CVE-2017-15645 | 6.8 |
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands.
|
07-11-2017 - 20:28 | 19-10-2017 - 22:29 |