CVE-2012-2983

Webmin < 1.590 - Unauthenticated Arbitrary File Read via file/edit_html.cgi

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2983. PoCs published by Unknown, juan vazquez, including Metasploit module auxiliary/admin/webmin/edit_html_fileaccess.

AI-analyzed exploit summary: This Metasploit module exploits a directory traversal vulnerability in Webmin 1.580 via the edit_html.cgi component, allowing authenticated users to access arbitrary files with root privileges. It authenticates with provided credentials and retrieves the specified file using path traversal techniques.

Description

file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.

Exploits (1)

metasploit WORKING POC
by Unknown, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/webmin/edit_html_fileaccess.rb


Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Webmin 1.580
Auth required
Prerequisites: Valid Webmin credentials · Access to the File Manager Module
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Patch, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/788478
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027507
Various Sources x_refsource_misc
http://americaninfosec.com/research/index.html

Scores

EPSS 0.5399
EPSS Percentile 98.1%

Details

CWE: CWE-287
Status: published
Products (39)
gentoo/webmin 1.140
gentoo/webmin 1.150
gentoo/webmin 1.160
gentoo/webmin 1.170
gentoo/webmin 1.180
gentoo/webmin 1.200
gentoo/webmin 1.210
gentoo/webmin 1.220
gentoo/webmin 1.230
gentoo/webmin 1.240
... and 29 more
Published Sep 11, 2012
Tracked Since Feb 18, 2026