Vulnerabilities

CVE-2020-35606

by Fred · 21/12/2020

Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.

Date published : 2020-12-21

https://www.exploit-db.com/exploits/49318

http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html

Similar

Tags: Cybersecurity Alert