Vulnerabilities

CVE-2022-30708

by Fred · 14/05/2022

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.

Date published : 2022-05-14

https://github.com/esp0xdeadbeef/rce_webmin

https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py

Similar

Tags: Cybersecurity Alert