CVE-2019-9624

HIGH

Webmin 1.900 - Remote Code Execution via Upload and Download Privilege Abuse

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2019-9624. PoCs published by AkkuS, x0rbeexd, AkkuS <Özkan Mustafa Akkuş>, including Metasploit module exploits/unix/webapp/webmin_upload_exec.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in Webmin 1.900 and earlier versions by uploading a malicious CGI file to execute arbitrary commands with root privileges. It requires valid credentials and access to specific Webmin modules.

Description

Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.

Exploits (3)

exploitdb WORKING POC
by AkkuS · ruby · remote · cgi
https://www.exploit-db.com/exploits/46201

This Metasploit module exploits a command injection vulnerability in Webmin 1.900 and earlier versions by uploading a malicious CGI file to execute arbitrary commands with root privileges. It requires valid credentials and access to specific Webmin modules.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Webmin <= 1.900
Auth required
Prerequisites: Valid Webmin credentials · Access to 'Java file manager' and 'Upload and Download' modules · Access to 'Running Processes' module
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by x0rbeexd · poc
https://github.com/x0rbeexd/CVE-2019-9624

This is a functional exploit for CVE-2019-9624, an authenticated RCE vulnerability in Webmin 1.900. It leverages multipart/form-data encoding to bypass input restrictions and execute arbitrary commands via the shell module.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Webmin 1.900
Auth required
Prerequisites: Valid Webmin credentials · Access to Webmin interface (typically port 10000)
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by AkkuS <Özkan Mustafa Akkuş> · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/webmin_upload_exec.rb

This Metasploit module exploits an authenticated RCE vulnerability in Webmin 1.900 and earlier by uploading a malicious Perl script via the 'Upload and Download' module, then executing it with root privileges.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Webmin <= 1.900
Auth required
Prerequisites: Valid Webmin credentials · Access to the 'Upload and Download' module · Optional: 'Running Processes' privilege for directory detection
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46201
Exploit, Third Party Advisory x_refsource_misc
https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html

Scores

CVSS v3: 7.8
EPSS: 0.4188
EPSS Percentile: 97.5%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-269
Status: published
Products (1): webmin/webmin 1.900
Published: Mar 07, 2019
Tracked Since: Feb 18, 2026