← voltar
CVE-2019-12840

CVE-2019-12840

EPSS 77.8%
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Produtos afetados
n/a · n/a
PoCs públicas encontradas9
githubgithub.com/KrE80r/webmin_cve-2019-12840_poc8githubgithub.com/bkaraceylan/CVE-2019-12840_POC4githubgithub.com/zAbuQasem/CVE-2019-128400githubgithub.com/WizzzStark/CVE-2019-12840.py0githubgithub.com/Pol-Ruiz/PoC-CVE-2019-128400githubgithub.com/anasbousselham/webminscan0githubgithub.com/fenix0499/CVE-2019-12840-NodeJs-Exploit0cve_referencewww.exploit-db.com/exploits/46984não verificadocve_referencepacketstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.htmlhttps://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.htmlhttps://www.exploit-db.com/exploits/46984http://www.securityfocus.com/bid/108790