File Access Vulnerability in Webmin by JustAnotherHostingCompany
CVE-2018-8712

9.8 CRITICAL

Key Information:

Vendor: Webmin

Status
Vendor
CVE Published: 14 March 2018

What is CVE-2018-8712?

A security issue has been identified in Webmin versions 1.840 and 1.880 that arises from their default configuration settings. When the 'Can view any file as a log file' option is set to 'Yes', users with limited access can exploit this setting to gain unauthorized access to critical Unix system files. This weak configuration enables Local File Inclusion (LFI) attacks, in which an attacker constructs requests to read sensitive files such as '/etc/shadow'. The result can be significant data exposure and compromise of the underlying system's integrity.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published
