CVE-2019-15107
Type:
Command Injection
Severity:
High
Publication date:
08/16/2019
Last modified:
09/16/2019
Description
An issue was discovered in Webmin
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Total commitment on system integrity + Total commitment on system confidentiality + Total commitment on system availability
Vulnerable software and versions
- cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html (Source: MISC)
- http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html (Source: MISC)
- http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html (Source: MISC)
- http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html (Source: MISC)
- http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html (Source: MISC)
- http://www.webmin.com/security.html (Source: MISC)
- https://www.exploit-db.com/exploits/47230 (Source: MISC)