← back
CVE-2021-31762

CVE-2021-31762

EPSS 8.8%
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
Affected products
n/a · n/a
public PoCs found4
githubgithub.com/electronicbots/CVE-2021-317628githubgithub.com/Mesh3l911/CVE-2021-317621cve_referencepacketstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50126unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.htmlhttps://github.com/electronicbots/CVE-2021-31762https://github.com/Mesh3l911/CVE-2021-31762https://github.com/webmin/webminhttps://youtu.be/qCvEXwyaF5U