CVE-2017-15644

HIGH

Webmin < 1.850 - SSRF

Title source: rule

Description

SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.

Exploits (1)

exploitdb WORKING POC
webappscgi
https://www.exploit-db.com/exploits/42989

References (4)

Scores

CVSS v3 8.6
EPSS 0.1321
EPSS Percentile 94.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-918
Status published
Products (1)
webmin/webmin < 1.850
Published Oct 19, 2017
Tracked Since Feb 18, 2026