CVE-2022-0824

Improper Access Control to Remote Code Execution in webmin/webmin

CVSS 8.3 HIGHEPSS 97.0%CWE-284

Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Affected products

webmin · webmin/webmin

public PoCs found — 7

githubgithub.com/faisalfs10x/Webmin-CVE-2022-0824-revshell★ 111 githubgithub.com/pizza-power/golang-webmin-CVE-2022-0824-revshell★ 3 githubgithub.com/gokul-ramesh/WebminRCE-exploit★ 0 githubgithub.com/NUDTTAN91/Webmin-CVE-2022-0824-Enhanced-Exploit★ 0 cve_referencepacketstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.htmlunverified cve_referencepacketstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.htmlunverified exploitdbwww.exploit-db.com/exploits/50809unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38 https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295 https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html