CVE-2002-2360
Webmin 0.21-0.99 - Unauthenticated Arbitrary File Read/Write and Remote Code Execution via RPC Module
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-2360. PoCs published by Noam Rathaus.
AI-analyzed exploit summary This exploit targets a privilege escalation vulnerability in Webmin's RPC module, allowing authenticated users to execute arbitrary commands as root via insufficient permission checks. It demonstrates reading/writing to /etc/passwd and /etc/shadow to create a backdoor user.
Description
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.
Exploits (1)
This exploit targets a privilege escalation vulnerability in Webmin's RPC module, allowing authenticated users to execute arbitrary commands as root via insufficient permission checks. It demonstrates reading/writing to /etc/passwd and /etc/shadow to create a backdoor user.