Exploit for #VU20412 Command Injection in Webmin
Vulnerability identifier: #VU20412
Vulnerability risk: High
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID:
CVE-2019-15231
CVE-2019-15107
CWE-ID:
CWE-77
Exploitation vector: Network
Exploits in database: 19
- May 9, 2023
- January 29, 2023
- verbose_happiness (This is a script that exploits a known vulnerability (CVE-2019-15107) in web applications, allowing an attacker to inject commands on the target server. It takes a file containing a list of target URLs as input and attempts to find vuln [Github]
- CVE-2019-15107 (This is a script that exploits a known vulnerability (CVE-2019-15107) in web applications, allowing an attacker to inject commands on the target server. It takes a file containing a list of target URLs as input and attempts to find vulnera [Github]
- December 4, 2022
- July 26, 2022
- June 30, 2022
- June 19, 2022
- June 12, 2022
- October 6, 2021
- June 17, 2021
- Webmin 1.920 - Remote Code Execution [Exploit-DB]
- September 16, 2020
- September 1, 2020
- CVE-2019-15107 (Webmin <=1.920 RCE) [Github]
- March 18, 2020
- Make-and-Break (Built a custom Virtual Machine, running Ubuntu 18.04.1 and Webmin 1.810. Using CVE-2019-15107 to exploit a backdoor in the Linux machine) [Github]
- CVE_2019_15107 (CVE_2019_15107 Webmin 1.920 Remote Code Execution Exploit) [Github]
- CVE-2019-15107 (Implementation of CVE-2019-15107 exploit in python) [Github]
- webminex (poc exploit for webmin backdoor (CVE-2019-15107 and CVE-2019-15231)) [Github]
- Webmin password_change.cgi Backdoor [Metasploit]
- Webmin password_change.cgi Backdoor [Metasploit]
Vulnerable software:
Webmin
Web applications /
Remote management & hosting panels
Vendor: Webmin
