CVE-2021-31761

CRITICAL

Webmin 1.973 - Reflected Cross-Site Scripting to Remote Command Execution via Running Process Feature

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2021-31761. PoCs published by Mesh3l_911, Mesh3l911, electronicbots.

AI-analyzed exploit summary This exploit leverages a CSRF vulnerability in Webmin 1.973 to execute arbitrary commands via the 'run.cgi' endpoint. It generates a malicious HTML page that submits a form to execute a reverse shell payload when visited by an authenticated admin.

Description

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.

Exploits (3)

exploitdb WORKING POC
by Mesh3l_911 · pythonwebappslinux
https://www.exploit-db.com/exploits/50144

This exploit leverages a CSRF vulnerability in Webmin 1.973 to execute arbitrary commands via the 'run.cgi' endpoint. It generates a malicious HTML page that submits a form to execute a reverse shell payload when visited by an authenticated admin.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Webmin <= 1.973
Auth required
Prerequisites: Authenticated Webmin admin session · Victim must visit the crafted URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 5 stars
by Mesh3l911 · poc
https://github.com/Mesh3l911/CVE-2021-31761

This repository contains a functional exploit for CVE-2021-31761, which leverages a reflected XSS vulnerability in Webmin to achieve remote command execution (RCE). The exploit generates a malicious link that, when clicked by an authenticated Webmin admin, executes a reverse shell payload via CSRF.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Webmin 1.973
Auth required
Prerequisites: Authenticated Webmin admin session · Network access to the target Webmin instance · Listener setup for reverse shell
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 4 stars
by electronicbots · poc
https://github.com/electronicbots/CVE-2021-31761

This repository contains a functional exploit for CVE-2021-31761, which leverages a reflected XSS vulnerability in Webmin to achieve remote command execution (RCE). The exploit generates a malicious link that, when clicked by an authenticated Webmin admin, triggers a reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Webmin 1.973
Auth required
Prerequisites: Authenticated Webmin admin session · Network connectivity to the target · Listener setup for reverse shell
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Product, Third Party Advisory x_refsource_misc
https://github.com/webmin/webmin
Exploit, Third Party Advisory x_refsource_misc
https://youtu.be/23VvUMu-28c
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Mesh3l911/CVE-2021-31761
Exploit, Third Party Advisory x_refsource_misc
https://github.com/electronicbots/CVE-2021-31761
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html

Scores

CVSS v3 9.6
EPSS 0.3357
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-79
Status published
Products (1)
webmin/webmin 1.973
Published Apr 25, 2021
Tracked Since Feb 18, 2026