Arbitrary Command Execution with Root Privileges in Webmin Package Updates Module

Arbitrary Command Execution with Root Privileges in Webmin Package Updates Module

CVE-2019-12840 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.

Learn more about our Web App Pen Testing.