MEDIUM🇵🇱 Wersja polska

CVE-2024-44762

CVSS 5.3v3.1pub. 2024-10-16upd. 2025-10-15

A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Webmin Usermin

    APP
    Webmin
    2.100
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2015-2079CRITICAL9.9PL ✓ten sam produkt

RCE w Usermin przez błędne wywołanie Perl open() w uconfig_save.cgi

CVE-2022-35132HIGH8.8ten sam produkt

Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a fil...

CVE-2024-36453MEDIUM6.1ten sam produkt

Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin v...

CVE-2023-41157MEDIUM5.4ten sam produkt

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject a...

CVE-2023-41156MEDIUM5.4ten sam produkt

A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows r...