CVE-2019-15107

Type: 

Command Injection

Severity: 

High

Publication date: 

08/16/2019

Last modified: 

07/27/2020

Description

An issue was discovered in Webmin

Impact

Access Vector: Through network

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Total commitment on system integrity + Total commitment on system confidentiality + Total commitment on system availability

Vulnerable software and versions

• cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*

To consult the complete list of products and versions see this page

References to Advisories, Solutions, and Tools

• http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html (Source: MISC)
• http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html (Source: MISC)
• http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html (Source: MISC)
• http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html (Source: MISC)
• http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html (Source: MISC)
• http://www.webmin.com/security.html (Source: MISC)
• https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection (Source: MISC)
• https://www.exploit-db.com/exploits/47230 (Source: MISC)

Explanation of fields