CSRF Vulnerability in Webmin by Virtualmin
CVE-2017-15645

8.8HIGH

Key Information:

Vendor

Webmin

Status
Webmin
Vendor
CVE Published:
19 October 2017

What is CVE-2017-15645?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Webmin 1.850. This vulnerability allows attackers to send crafted GET requests to the at/create_job.cgi endpoint with parameters dir=/&cmd= in the URI, enabling them to execute arbitrary commands on the affected system. This flaw poses a significant threat to system integrity and could potentially lead to unauthorized control, making it crucial for users to update and secure their Webmin installations.

References

http://www.webmin.com/security.html
x_refsource_MISC
https://github.com/webmin/webmin/commit/0c58892732ee7610a...
x_refsource_MISC
https://blogs.securiteam.com/index.php/archives/3430
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.