CVE-2019-12840: OS Command Injection
First published: Sat Jun 15 2019(Updated: )
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin Webmin | <=1.910 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-12840?
CVE-2019-12840 is a vulnerability found in Webmin through version 1.910 that allows any user authorized to the 'Package Updates' module to execute arbitrary commands with root privileges.
How severe is CVE-2019-12840?
CVE-2019-12840 has a severity rating of 8.8, which is classified as critical.
What is the affected software by CVE-2019-12840?
The affected software is Webmin through version 1.910.
How can the arbitrary command execution vulnerability in Webmin be exploited?
The vulnerability can be exploited by any user authorized to the 'Package Updates' module using the data parameter in update.cgi.
Are there any references for CVE-2019-12840?
Yes, you can find more information about CVE-2019-12840 at the following references: [http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html](http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html), [http://www.securityfocus.com/bid/108790](http://www.securityfocus.com/bid/108790), [https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html](https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html).
- collector/nvd-index
- vendor/webmin
- canonical/webmin webmin
- version/webmin webmin/1.910