CVE-2022-30708

Published
View on NVD ↗
CVSS v3
8.8
HIGH
CVSS v2
6.5
MEDIUM
Affected
3
PROJECTS

Description

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.

webmin/webmin
webmin/webmin
Powerful and flexible web-based server management control panel
GitHubGitHub
5.89K
webmin/authentic-theme
webmin/authentic-theme
Official theme for the best server management panel of the 21st Century
GitHubGitHub
965
esp0xdeadbeef/rce_webmin
esp0xdeadbeef/rce_webmin
RCE and privilege escalation webmin version 1.991
GitHubGitHub
7