Description
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6
Patch, Third Party Advisory x_refsource_misc
https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220
Scores
CVSS v3
9.8
EPSS
0.0043
EPSS Percentile
62.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
webmin/webmin
1.962
Published
Dec 29, 2020
Tracked Since
Feb 18, 2026