Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
References
Link | Resource |
---|---|
https://github.com/esp0xdeadbeef/rce_webmin | Exploit Third Party Advisory |
https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py | Exploit Third Party Advisory |
https://github.com/webmin/authentic-theme/releases | Release Notes Third Party Advisory |
https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d | Patch Third Party Advisory |
https://github.com/webmin/webmin/issues/1635 | Issue Tracking Third Party Advisory |
https://github.com/webmin/webmin/releases | Release Notes Third Party Advisory |
https://webmin.com/changes.html | Release Notes Vendor Advisory |
https://www.twitch.tv/videos/1483029790 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-05-15T02:30:14
Updated: 2022-05-15T02:30:14
Reserved: 2022-05-15T00:00:00
Link: CVE-2022-30708
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-15T03:15:07.060
Modified: 2022-05-24T17:19:30.497
Link: CVE-2022-30708
JSON object: View
Redhat Information
No data.
CWE