CVE-2019-15107 Scanner
Detects 'OS Command Injection' vulnerability in Webmin affects v. 1.920 and before.
Short Info
Level
Critical
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Domain, Ipv4
Parent Category
CVE-2019-15107 Scanner Detail
Webmin is a popular web-based system configuration tool used to manage Unix and Linux servers. It provides a user-friendly interface for administrators to easily manage and configure their servers. Webmin allows users to configure various system settings, create and delete user accounts, configure network settings, and more. With its intuitive graphical user interface, Webmin simplifies server administration tasks.
The CVE-2019-15107 vulnerability discovered in Webmin <=1.920 is a serious issue. The vulnerability appears in the password_change.cgi script, which contains a command injection vulnerability. Essentially, an attacker could exploit this vulnerability by sending a specially crafted request to the server, leading to the execution of arbitrary code. As a result, an attacker could gain access to critical system files, potentially leading to a complete system compromise.
If this vulnerability is exploited, a remote attacker could execute unauthorized code on the system, gaining full administrative access to the affected Webmin server. This could lead to a range of critical consequences, including data theft, malware deployment, system disruption, and more. In short, compromising the Webmin server could significantly impact the security and stability of an entire system.
In conclusion, Webmin is a valuable tool for managing Unix and Linux servers, but it is not immune to vulnerabilities. It is crucial to keep Webmin and other system components up-to-date to prevent unauthorized access and intrusion. Thanks to pro features available on the securityforeveryone.com platform, administrators can quickly and easily learn about vulnerabilities in their digital assets, enabling them to take action to protect their systems and data.
REFERENCES
- http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html
- http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html
- http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html
- http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
- http://www.webmin.com/security.html
- https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection
- https://www.exploit-db.com/exploits/47230
control security posture