CVE-2012-4893
Webmin <= 1.590 - Cross-Site Request Forgery via file/show.cgi
Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982.
References (3)
Core References
Various Sources x_refsource_misc
http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/788478
Various Sources x_refsource_misc
http://americaninfosec.com/research/index.html
Scores
EPSS: 0.0060
EPSS Percentile: 69.8%
Details
CWE: CWE-352
Status: published
Products (39)
gentoo/webmin 1.140
gentoo/webmin 1.150
gentoo/webmin 1.160
gentoo/webmin 1.170
gentoo/webmin 1.180
gentoo/webmin 1.200
gentoo/webmin 1.210
gentoo/webmin 1.220
gentoo/webmin 1.230
gentoo/webmin 1.240
... and 29 more
Published: Sep 11, 2012
Tracked Since: Feb 18, 2026