V1s3r1on

CVE-2022-30708 WRITEUP HIGH WORKING POC

Webmin < 1.991 - Remote Code Execution via Authentic Theme File Parameter

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.

CVSS 8.8

View Code

CVE-2022-30708 WRITEUP HIGH WORKING POC

Webmin < 1.991 - Remote Code Execution via Authentic Theme File Parameter

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.

CVSS 8.8

View Code