CVE-2012-4893: CSRF
First published: Tue Sep 11 2012(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin | <=1.590 | |
| Webmin | =1.140 | |
| Webmin | =1.150 | |
| Webmin | =1.160 | |
| Webmin | =1.170 | |
| Webmin | =1.180 | |
| Webmin | =1.200 | |
| Webmin | =1.210 | |
| Webmin | =1.220 | |
| Webmin | =1.230 | |
| Webmin | =1.240 | |
| Webmin | =1.260 | |
| Webmin | =1.270 | |
| Webmin | =1.280 | |
| Webmin | =1.290 | |
| Webmin | =1.300 | |
| Webmin | =1.310 | |
| Webmin | =1.320 | |
| Webmin | =1.330 | |
| Webmin | =1.340 | |
| Webmin | =1.370 | |
| Webmin | =1.380 | |
| Webmin | =1.390 | |
| Webmin | =1.400 | |
| Webmin | =1.410 | |
| Webmin | =1.420 | |
| Webmin | =1.430 | |
| Webmin | =1.440 | |
| Webmin | =1.450 | |
| Webmin | =1.470 | |
| Webmin | =1.480 | |
| Webmin | =1.500 | |
| Webmin | =1.510 | |
| Webmin | =1.520 | |
| Webmin | =1.530 | |
| Webmin | =1.550 | |
| Webmin | =1.560 | |
| Webmin | =1.570 | |
| Webmin | =1.580 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-4893?
The severity of CVE-2012-4893 is high due to its potential to allow remote attackers to hijack the authentication of privileged users.
How do I fix CVE-2012-4893?
To fix CVE-2012-4893, upgrade Webmin to version 1.591 or later, which addresses the CSRF vulnerabilities.
What are the risks associated with CVE-2012-4893?
CVE-2012-4893 poses risks such as unauthorized actions like reading sensitive files and executing commands as a privileged user.
Which versions of Webmin are affected by CVE-2012-4893?
CVE-2012-4893 affects Webmin versions 1.590 and earlier.
What type of vulnerability is CVE-2012-4893?
CVE-2012-4893 is classified as a cross-site request forgery (CSRF) vulnerability.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/event
- agent/weakness
- agent/severity
- agent/references
- agent/softwarecombine
- agent/description
- vendor/gentoo
- canonical/webmin
- version/webmin/1.590
- version/webmin/1.140
- version/webmin/1.150
- version/webmin/1.160
- version/webmin/1.170
- version/webmin/1.180
- version/webmin/1.200
- version/webmin/1.210
- version/webmin/1.220
- version/webmin/1.230
- version/webmin/1.240
- version/webmin/1.260
- version/webmin/1.270
- version/webmin/1.280
- version/webmin/1.290
- version/webmin/1.300
- version/webmin/1.310
- version/webmin/1.320
- version/webmin/1.330
- version/webmin/1.340
- version/webmin/1.370
- version/webmin/1.380
- version/webmin/1.390
- version/webmin/1.400
- version/webmin/1.410
- version/webmin/1.420
- version/webmin/1.430
- version/webmin/1.440
- version/webmin/1.450
- version/webmin/1.470
- version/webmin/1.480
- version/webmin/1.500
- version/webmin/1.510
- version/webmin/1.520
- version/webmin/1.530
- version/webmin/1.550
- version/webmin/1.560
- version/webmin/1.570
- version/webmin/1.580