← back
CVE-2019-9624

CVE-2019-9624

EPSS 23.7%
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
Affected products
n/a · n/a
public PoCs found2
githubgithub.com/x0rbeexd/CVE-2019-96240cve_referencewww.exploit-db.com/exploits/46201unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.htmlhttps://www.exploit-db.com/exploits/46201http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec