Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HWebmin Usermin
APPWebminβ€ 1.850
π΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
Related vulnerabilities
CVE-2015-2079CRITICAL9.9PL βten sam produkt
RCE w Usermin przez bΕΔdne wywoΕanie Perl open() w uconfig_save.cgi
CVE-2024-44762MEDIUM5.3ten sam produkt
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumer...
CVE-2024-36453MEDIUM6.1ten sam produkt
Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin v...
CVE-2023-41157MEDIUM5.4ten sam produkt
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject a...
CVE-2023-41159MEDIUM5.4ten sam produkt
A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allow...