Description
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Carl Livitt · perlremotelinux
https://www.exploit-db.com/exploits/22275
References (17)
Scores
EPSS
0.1550
EPSS Percentile
94.7%
Details
Status
published
Products (18)
engardelinux/guardian_digital_webtool
1.2
usermin/usermin
0.4
usermin/usermin
0.5
usermin/usermin
0.6
usermin/usermin
0.7
usermin/usermin
0.8
usermin/usermin
0.9
usermin/usermin
0.91
usermin/usermin
0.92
usermin/usermin
0.93
... and 8 more
Published
Mar 03, 2003
Tracked Since
Feb 18, 2026