CVE-2012-4893

Webmin 1.590 - CSRF

Title source: llm

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982.

References (3)

[Various Sources] http://americaninfosec.com/research/index.html

[Various Sources] http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf

[US Government Resource] http://www.kb.cert.org/vuls/id/788478

Scores

EPSS 0.0060

EPSS Percentile 69.2%

Classification

CWE

CWE-352

Status draft

Affected Products (39)

gentoo/webmin < 1.590

gentoo/webmin

gentoo/webmin

gentoo/webmin

gentoo/webmin

gentoo/webmin

gentoo/webmin

gentoo/webmin

gentoo/webmin

gentoo/webmin

gentoo/webmin

gentoo/webmin

gentoo/webmin

gentoo/webmin

gentoo/webmin

... and 24 more

Timeline

Published Sep 11, 2012

Tracked Since Feb 18, 2026