CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2019-15107

CVSS 9.8v3.1pub. 2019-08-16upd. 2025-11-06

An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Webmin

    APP
    Webmin
    ≤ 1.920

CISA KEV — detailsi

Vendori
Webmin
Producti
Webmin
Added to KEVi
March 25, 2022
Remediation deadline (US Federal)i
April 15, 2022(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 15 kwietnia 2022
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2022-36446CRITICAL9.8ten sam produkt

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

CVE-2021-32157CRITICAL9.6ten sam produkt

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.

CVE-2021-31761CRITICAL9.6ten sam produkt

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through W...

CVE-2020-35769CRITICAL9.8ten sam produkt

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.

CVE-2018-8712CRITICAL9.8ten sam produkt

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log ...