Arbitrary Code Execution Vulnerability in Webmin 1.900 via Java File Manager and Upload/Download Privileges

Arbitrary Code Execution Vulnerability in Webmin 1.900 via Java File Manager and Upload/Download Privileges

CVE-2019-9624 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.

Learn more about our Web Application Penetration Testing UK.