First published: Mon Aug 26 2019(Updated: )
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Webmin Webmin | <=1.930 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-15641 is a vulnerability in Webmin that allows authenticated XXE attacks.
CVE-2019-15641 has a severity rating of 6.5 (medium).
CVE-2019-15641 allows authenticated XXE attacks in Webmin versions up to 1.930.
By default, only root, admin, and sysadm can access xmlrpc.cgi in Webmin.
To fix CVE-2019-15641, upgrade Webmin to a version above 1.930.