CVE-2019-12840

HIGH

Webmin < 1.910 - Authenticated Remote Command Execution via Package Updates Module


Exploitation Summary

EIP tracks 9 public exploits for CVE-2019-12840. PoCs published by AkkuS, KrE80r, bkaraceylan, including Metasploit module exploits/linux/http/webmin_packageup_rce.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2019-12840, a command injection vulnerability in Webmin's Package Updates feature, allowing authenticated users to execute arbitrary commands with root privileges.

Description

In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.

Exploits (9)

exploitdb WORKING POC VERIFIED
by AkkuS · ruby · remote · linux
https://www.exploit-db.com/exploits/46984

This Metasploit module exploits CVE-2019-12840, a command injection vulnerability in Webmin's Package Updates feature, allowing authenticated users to execute arbitrary commands with root privileges.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Webmin <= 1.910
Auth required
Prerequisites: Valid Webmin credentials · Access to the Package Updates module
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 8 stars
by KrE80r · poc
https://github.com/KrE80r/webmin_cve-2019-12840_poc

This repository contains a functional exploit for CVE-2019-12840, a remote command execution vulnerability in Webmin's Package Updates feature. The exploit authenticates with valid credentials, then injects commands via the update.cgi endpoint to achieve RCE.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Webmin <= 1.910
Auth required
Prerequisites: Valid Webmin credentials · Network access to Webmin interface
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 4 stars
by bkaraceylan · poc
https://github.com/bkaraceylan/CVE-2019-12840_POC

This repository contains a functional Python exploit for CVE-2019-12840, an authenticated remote command execution vulnerability in Webmin's Package Updates feature. The exploit chains authentication bypass and command injection via crafted HTTP requests.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Webmin 1.910 and earlier
Auth required
Prerequisites: Valid Webmin credentials · Network access to Webmin interface
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by fenix0499 · poc
https://github.com/fenix0499/CVE-2019-12840-NodeJs-Exploit

This repository contains a functional Node.js exploit for CVE-2019-12840, targeting Webmin <= 1.910. The exploit performs authenticated remote command execution via command injection in the package updates feature, establishing a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Webmin <= 1.910
Auth required
Prerequisites: Valid Webmin credentials · Network access to Webmin interface · Listener setup for reverse shell
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by Pol-Ruiz · poc
https://github.com/Pol-Ruiz/PoC-CVE-2019-12840

This repository contains a functional exploit for CVE-2019-12840, a remote code execution vulnerability in Webmin <= 1.910. The exploit leverages a command injection flaw in the package-updates module, allowing authenticated users to execute arbitrary commands or obtain a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Webmin <= 1.910
Auth required
Prerequisites: Valid Webmin credentials · Network access to the Webmin interface
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by WizzzStark · poc
https://github.com/WizzzStark/CVE-2019-12840.py

This repository contains a functional Python exploit for CVE-2019-12840, an authenticated RCE vulnerability in Webmin's Package Updates feature. The PoC authenticates to Webmin and injects commands via the package update mechanism, providing a fake shell interface.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Webmin (versions prior to 1.930)
Auth required
Prerequisites: Valid Webmin credentials · Network access to Webmin interface
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by zAbuQasem · poc
https://github.com/zAbuQasem/CVE-2019-12840

This repository contains a functional exploit for CVE-2019-12840, an authenticated remote code execution vulnerability in Webmin 1.910. The exploit leverages the 'Package Updates' feature to execute arbitrary commands via a crafted payload, resulting in a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Webmin 1.910
Auth required
Prerequisites: Valid Webmin credentials · Session ID (sid) cookie · Network access to the target
devstral-2 · analyzed Feb 18, 2026

nomisec SUSPICIOUS
by anasbousselham · poc
https://github.com/anasbousselham/webminscan

The repository claims to be a scanner for CVE-2020-35606 and CVE-2019-12840 but contains no actual code or technical details. It appears to be a placeholder or lure.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: Webmin
No auth needed
devstral-2 · analyzed Feb 18, 2026

metasploit WORKING POC EXCELLENT
by AkkuS <Özkan Mustafa Akkuş> · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/webmin_packageup_rce.rb

This Metasploit module exploits CVE-2019-12840, a remote command execution vulnerability in Webmin 1.910 and earlier. It authenticates with provided credentials, checks for the 'Package Updates' privilege, and executes arbitrary commands via a crafted POST request to the package-updates endpoint.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Webmin <= 1.910
Auth required
Prerequisites: Valid Webmin credentials · Access to the 'Package Updates' module
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/46984
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108790

Scores

CVSS v3: 8.8
EPSS: 0.8794
EPSS Percentile: 99.5%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-78
Status: published
Products (1): webmin/webmin < 1.910
Published: Jun 15, 2019
Tracked Since: Feb 18, 2026