CVE-2021-31762

HIGH

Webmin 1.973 - Cross-Site Request Forgery via User Addition Feature

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2021-31762. PoCs published by Mesh3l_911, electronicbots, Mesh3l911.

AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in Webmin 1.973 and earlier versions, allowing an attacker to create a malicious HTML form that, when visited by an authenticated user, can modify user settings or create new users without their consent.

Description

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.

Exploits (3)

exploitdb WORKING POC
by Mesh3l_911 · python · webapps · linux
https://www.exploit-db.com/exploits/50126

This exploit demonstrates a CSRF vulnerability in Webmin 1.973 and earlier versions, allowing an attacker to create a malicious HTML form that, when visited by an authenticated user, can modify user settings or create new users without their consent.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Webmin <= 1.973
No auth needed
Prerequisites: Victim must be authenticated in Webmin · Victim must visit the malicious HTML page
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 8 stars
by electronicbots · poc
https://github.com/electronicbots/CVE-2021-31762

This repository contains a functional exploit for CVE-2021-31762, which leverages a CSRF vulnerability in Webmin to create a privileged user and achieve remote command execution. The exploit generates an HTML file that, when visited by an authenticated user, submits a crafted POST request to add a new user with elevated privileges.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Webmin 1.973
Auth required
Prerequisites: Authenticated Webmin session · Victim to visit malicious HTML page
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 1 star
by Mesh3l911 · poc
https://github.com/Mesh3l911/CVE-2021-31762

This repository contains a functional exploit for CVE-2021-31762, which leverages a CSRF vulnerability in Webmin to create a privileged user and subsequently achieve remote command execution. The exploit generates an HTML file that, when accessed by an authenticated Webmin user, submits a crafted POST request to create a new admin user.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Webmin 1.973
Auth required
Prerequisites: Victim must be authenticated to Webmin · Attacker must trick victim into accessing the malicious HTML file
devstral-2 · analyzed Feb 18, 2026

References (5)

Core References
Product, Third Party Advisory (x_refsource_misc): https://github.com/webmin/webmin
Exploit, Third Party Advisory (x_refsource_misc): https://youtu.be/qCvEXwyaF5U
Exploit, Third Party Advisory (x_refsource_misc): https://github.com/Mesh3l911/CVE-2021-31762
Exploit, Third Party Advisory (x_refsource_misc): https://github.com/electronicbots/CVE-2021-31762
Exploit, Third Party Advisory, VDB Entry (x_refsource_misc): http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html

Scores

CVSS v3: 8.8
EPSS: 0.0878
EPSS Percentile: 94.5%
Attack Vector: NETWORK
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352
Status: published
Products (1): webmin/webmin 1.973
Published: Apr 25, 2021
Tracked Since: Feb 18, 2026