module
Webmin File Manager RCE
| Disclosed |
|---|
| Feb 26, 2022 |
Disclosed
Feb 26, 2022
Description
In Webmin version 1.984, any authenticated low privilege user without access rights to
the File Manager module could interact with file manager functionalities such as downloading files from remote URLs and
changing file permissions. It is possible to achieve Remote Code Execution via a crafted .cgi file by chaining those
functionalities in the file manager.
the File Manager module could interact with file manager functionalities such as downloading files from remote URLs and
changing file permissions. It is possible to achieve Remote Code Execution via a crafted .cgi file by chaining those
functionalities in the file manager.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.