CVE-2012-2982

Webmin < 1.590 - Authenticated Remote Command Execution via Invalid Pathname Character

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 20 public exploits for CVE-2012-2982. PoCs published by Metasploit, JohnHammond, cd6629, including Metasploit module exploits/unix/webapp/webmin_show_cgi_exec.

AI-analyzed exploit summary This Metasploit module exploits CVE-2012-2982, a command injection vulnerability in Webmin 1.580's /file/show.cgi component, allowing authenticated users to execute arbitrary commands with root privileges.

Description

file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.

Exploits (20)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremoteunix
https://www.exploit-db.com/exploits/21851

This Metasploit module exploits CVE-2012-2982, a command injection vulnerability in Webmin 1.580's /file/show.cgi component, allowing authenticated users to execute arbitrary commands with root privileges.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Webmin 1.580
Auth required
Prerequisites: Valid Webmin credentials · Access to the File Manager Module
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 42 stars
by JohnHammond · poc
https://github.com/JohnHammond/CVE-2012-2982

This Python script exploits CVE-2012-2982, a command injection vulnerability in Webmin 1.580 via the `/file/show.cgi` endpoint. It authenticates with provided credentials and executes arbitrary commands by injecting them into the file path parameter.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Webmin 1.580
Auth required
Prerequisites: Valid Webmin credentials · Network access to the target Webmin instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 5 stars
by cd6629 · poc
https://github.com/cd6629/CVE-2012-2982-Python-PoC

This repository contains a Python-based PoC for CVE-2012-2982, a vulnerability in Webmin that allows remote command execution. The exploit authenticates with hardcoded credentials, then leverages invalid characters in a file path to execute arbitrary commands, resulting in a reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Webmin (versions prior to 1.590)
Auth required
Prerequisites: Valid credentials for Webmin · Network access to the Webmin interface · Attacker-controlled listener for reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 3 stars
by 0xTas · poc
https://github.com/0xTas/CVE-2012-2982

This is a Rust-based PoC exploit for CVE-2012-2982, targeting an RCE vulnerability in Webmin versions 1.140 to 1.590. It leverages improper input sanitization in the show.cgi component to execute arbitrary commands via a pipe character in the URL path.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Webmin 1.140..=1.590
Auth required
Prerequisites: Valid Webmin credentials · Network access to Webmin port (default 10000)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by OstojaOfficial · poc
https://github.com/OstojaOfficial/CVE-2012-2982

This Python script exploits CVE-2012-2982 in Webmin 1.580, leveraging a command injection vulnerability in the /file/show.cgi component to execute arbitrary commands with root privileges. It authenticates with provided credentials and delivers a reverse shell payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Webmin 1.580
Auth required
Prerequisites: Valid Webmin credentials · Access to the File Manager Module · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by Gvmyz · poc
https://github.com/Gvmyz/CVE-2012-2982_Python

This PoC exploits CVE-2012-2982, a command injection vulnerability in Webmin's file show functionality. It authenticates, then injects a reverse shell payload via a crafted request to the vulnerable endpoint.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Webmin (versions before the fix in commit 1f1411fe7404ec3ac03e803cfa7e01515e71a213)
Auth required
Prerequisites: Network access to Webmin interface · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by marinovharisan · poc
https://github.com/marinovharisan/Webmin-1.580---file-show.cgi-Manual-Remote-Command-Execution-Non-Metasploit-

This repository provides a functional exploit for CVE-2012-2982, demonstrating authenticated remote command execution in Webmin 1.580 via the `/file/show.cgi` component. The exploit leverages insufficient sanitization of the path parameter to inject a reverse shell payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Webmin 1.580
Auth required
Prerequisites: Active Webmin session (authenticated access) · Network connectivity to the target · Listener setup on attacker machine
devstral-2 · analyzed May 26, 2026 Full analysis →
nomisec WORKING POC
by JRrooot · poc
https://github.com/JRrooot/CVE-2012-2982-Webmin-RCE

This is a functional Python PoC for CVE-2012-2982, exploiting an authenticated RCE vulnerability in Webmin 1.580 via improper input sanitization in the file/show.cgi component. It logs in, crafts a malicious URL with command injection, and executes arbitrary commands as root.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Webmin 1.580
Auth required
Prerequisites: Webmin 1.580 with File Manager module enabled · Valid Webmin credentials
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB
by boriitoo · poc
https://github.com/boriitoo/CVE-2012-2982

This is a partial PoC for CVE-2012-2982, demonstrating a login mechanism but lacking exploit logic. It sends credentials to a target URL but does not exploit the vulnerability.

Classification
Stub 80%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: Unknown (likely a web application with session_login.cgi)
Auth required
Prerequisites: Target URL with vulnerable endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by SincIDK · poc
https://github.com/SincIDK/CVE-2012-2982-Exploit-Script

This repository contains a Python exploit script for CVE-2012-2982, targeting a remote code execution vulnerability in Webmin <= 1.580 via the `/file/show.cgi/bin/` endpoint. The exploit leverages authenticated shell command injection to execute a reverse shell payload.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Webmin <= 1.580
Auth required
Prerequisites: Valid Webmin credentials · Network access to the target · Python 3.x with `requests` library
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by lpuv · poc
https://github.com/lpuv/CVE-2012-2982

This PoC exploits a command injection vulnerability in the target software by authenticating and then injecting a reverse shell payload via a crafted URL. It uses a session cookie to maintain authentication and executes arbitrary commands.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Unknown (likely a web application with session_login.cgi and file/show.cgi endpoints)
Auth required
Prerequisites: Valid credentials for the target application · Network access to the target · Listener set up for reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by SieGer05 · poc
https://github.com/SieGer05/CVE-2012-2982-Webmin-Exploit

This is a functional Python exploit for CVE-2012-2982, targeting Webmin 1.590 and earlier. It leverages improper input sanitization in the /file/show.cgi endpoint to execute arbitrary commands via shell metacharacter injection.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Webmin <= 1.590
Auth required
Prerequisites: Valid Webmin credentials · Access to the File Manager module · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by elliotosama · poc
https://github.com/elliotosama/CVE-2012-2982

This PoC exploits CVE-2012-2982, a command injection vulnerability in the Webmin file manager. It authenticates to the target, then injects a reverse shell payload via the 'show.cgi' endpoint.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Webmin 1.580 and earlier
Auth required
Prerequisites: valid credentials for Webmin · network access to the target · listener set up for reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by Shadow-Spinner · poc
https://github.com/Shadow-Spinner/CVE-2012-2982_python

This exploit targets CVE-2012-2982 in Webmin 1.580, leveraging a command injection vulnerability in the 'file/show.cgi' endpoint to achieve remote code execution. It authenticates with hardcoded credentials, then sends a reverse shell payload via a crafted request.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Webmin 1.580
Auth required
Prerequisites: Network access to Webmin interface · Valid credentials for Webmin · Listener set up for reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by CpyRe · poc
https://github.com/CpyRe/CVE-2012-2982

This repository contains a working exploit for CVE-2012-2982, a command injection vulnerability in Webmin 1.590 and earlier. The exploit leverages an invalid character in a pathname to execute arbitrary commands, resulting in a reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Webmin <= 1.590
Auth required
Prerequisites: Valid Webmin credentials · Network access to the target Webmin instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by varppi · poc
https://github.com/varppi/CVE-2012-2982

This PoC exploits CVE-2012-2982, a command injection vulnerability in Webmin's /file/show.cgi endpoint. It authenticates with provided credentials, then sends a malicious payload to execute a reverse shell via a crafted request.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Webmin (versions prior to 1.590)
Auth required
Prerequisites: Valid Webmin credentials · Network access to the target Webmin instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by 0xF331-D3AD · poc
https://github.com/0xF331-D3AD/CVE-2012-2982

This is a functional exploit for CVE-2012-2982, targeting a command injection vulnerability in Webmin's file show.cgi. It authenticates, extracts a session ID, and executes arbitrary commands via URL-encoded payloads.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Webmin (versions prior to 1.590)
Auth required
Prerequisites: valid Webmin credentials · network access to Webmin interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by blu3ming · poc
https://github.com/blu3ming/CVE-2012-2982

This is a Python-based exploit for CVE-2012-2982, targeting Webmin 1.580. It leverages a command injection vulnerability in the 'file/show.cgi' endpoint to achieve remote code execution (RCE) via a reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Webmin 1.580
Auth required
Prerequisites: Valid Webmin credentials · Network access to the target · Netcat listener for reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by Ari-Weinberg · poc
https://github.com/Ari-Weinberg/CVE-2012-2982

This exploit targets CVE-2012-2982, a remote code execution vulnerability in Webmin 1.580. It authenticates with provided credentials and injects a command via a crafted URL path in the file/show.cgi endpoint.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Webmin 1.580
Auth required
Prerequisites: valid Webmin credentials · network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Unknown, juan vazquez · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb

This Metasploit module exploits a command injection vulnerability in Webmin 1.580 via the /file/show.cgi endpoint, allowing authenticated users to execute arbitrary commands with root privileges.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Webmin 1.580
Auth required
Prerequisites: Valid Webmin credentials · Access to the File Manager Module
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Various Sources x_refsource_misc
http://americaninfosec.com/research/index.html
Patch, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/788478
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027507

Scores

EPSS 0.6192
EPSS Percentile 99.1%

Details

Status published
Products (39)
gentoo/webmin 1.140
gentoo/webmin 1.150
gentoo/webmin 1.160
gentoo/webmin 1.170
gentoo/webmin 1.180
gentoo/webmin 1.200
gentoo/webmin 1.210
gentoo/webmin 1.220
gentoo/webmin 1.230
gentoo/webmin 1.240
... and 29 more
Published Sep 11, 2012
Tracked Since Feb 18, 2026