Jamie Cameron

9 exploits, active since Jul 2017
CVE-2017-15644 HIGH WRITEUP
Webmin < 1.850 - SSRF
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
CVSS 8.6
CVE-2017-15645 HIGH WRITEUP
Webmin < 1.850 - CSRF
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker can execute arbitrary commands.
CVSS 8.8
CVE-2017-17089 MEDIUM WRITEUP
Webmin < 1.870 - XSS
custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.
CVSS 4.8
CVE-2017-9313 MEDIUM WRITEUP
Webmin < 1.850 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.
CVSS 6.1
CVE-2020-35769 CRITICAL WRITEUP
Webmin 1.962 - Info Disclosure
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
CVSS 9.8
CVE-2022-0829 HIGH WRITEUP
Webmin < 1.990 - Incorrect Authorization
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
CVSS 8.1
CVE-2022-30708 HIGH WRITEUP
Webmin < 1.991 - RCE
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
CVSS 8.8
CVE-2022-3844 LOW WRITEUP
Webmin 2.001 - XSS
A vulnerability classified as problematic was found in Webmin 2.001. It affects an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross-site scripting. The attack can be launched remotely. Upgrading to version 2.003 addresses this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability.
CVSS 3.5
CVE-2025-67738 HIGH WRITEUP
Webmin < 2.600 - Command Injection
squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions (the "cms" security option).
CVSS 8.5