Attacker Value
Low
(1 user assessed)
Exploitability
Low
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

Webmin 1.900 Upload Execution

Disclosure Date: March 07, 2019
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Webmin 1.900 allows authenticated users with “Upload and Download” module access to upload cgi files to a webroot subdirectory and the uploaded files can be executed by sending requests to the web server.

Add Assessment

1
Ratings
  • Attacker Value
    Low
  • Exploitability
    Low
Technical Analysis

Details

Webmin 1.900 allows authenticated users with “Upload and Download” module access to upload cgi files to a webroot subdirectory and the uploaded files can be executed by sending requests to the web server.

General Information

Additional Info

Technical Analysis