HIGH🇵🇱 Wersja polska

CVE-2024-36451

CVSS 8.8v3.1pub. 2024-07-10upd. 2025-10-08

Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Webmin

    APP
    Webmin
    < 2.003
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-15107CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injecti...

CVE-2022-36446CRITICAL9.8ten sam produkt

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

CVE-2021-32157CRITICAL9.6ten sam produkt

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.

CVE-2021-31761CRITICAL9.6ten sam produkt

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through W...

CVE-2020-35769CRITICAL9.8ten sam produkt

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.