Command Execution Vulnerability in Webmin by Cloudmin
CVE-2012-2982
Currently unrated
Key Information:
- Exploit Exists
- Public PoC
- EPSS 84%
What is CVE-2012-2982?
A vulnerability in Webmin 1.590 and earlier versions allows remote authenticated users to execute arbitrary commands because of a flaw in how pathnames are handled. Specifically, an invalid character in a pathname, such as the pipe (|) character, can be used to manipulate command execution, leading to unauthorized access and potential system compromise. The issue underscores the importance of secure coding practices and proper input validation for any input that can reach command execution.
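For defenders reviewing web access logs, the sketch below flags requests whose decoded pathname contains a pipe or a related shell metacharacter. It is an added example, not code from Webmin or from this advisory; the log format (combined log format), the sample lines, the module paths and the character set beyond the pipe are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines; hosts, users and paths are hypothetical.
SAMPLE_LOG = """\
192.0.2.10 - admin [12/Sep/2012:10:01:02 +0000] "GET /module/view.cgi/etc/hosts HTTP/1.1" 200 512
192.0.2.44 - admin [12/Sep/2012:10:03:17 +0000] "GET /module/view.cgi/tmp/a|b HTTP/1.1" 200 87
192.0.2.44 - admin [12/Sep/2012:10:03:40 +0000] "GET /module/view.cgi/tmp/a%7Cb HTTP/1.1" 200 87
192.0.2.44 - admin [12/Sep/2012:10:04:02 +0000] "GET /module/view.cgi/tmp/a%257Cb HTTP/1.1" 200 87
192.0.2.10 - admin [12/Sep/2012:10:05:00 +0000] "GET /module/list.cgi?filter=a%7Cb HTTP/1.1" 200 900
"""

# client, ident, user, [timestamp], "METHOD target PROTO", status
REQUEST_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# The pipe is the character named in the advisory; the rest are an assumed,
# tunable set of characters that have no place in a requested pathname.
SUSPICIOUS = set("|`;$\x00\n")


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded characters (%257C) are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text):
    """Return (client, user, raw_target, chars) for requests with metacharacters in the path."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        client, user, _method, target, _status = match.groups()
        # Only the path component is inspected: the flaw described is in pathname handling.
        path = fully_decode(urlsplit(target).path)
        hits = sorted(SUSPICIOUS.intersection(path))
        if hits:
            findings.append((client, user, target, hits))
    return findings


if __name__ == "__main__":
    for client, user, target, hits in suspicious_requests(SAMPLE_LOG):
        print(f"{client} user={user} target={target} chars={hits}")
```

Because the issue requires an authenticated session, the logged user name on each hit identifies the account to review.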
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.