First published: Thu Mar 07 2019(Updated: )
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Webmin Webmin | =1.900 | |
=1.900 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-9624 is a vulnerability in Webmin 1.900 that allows remote attackers to execute arbitrary code.
CVE-2019-9624 occurs when remote attackers leverage the "Java file manager" and "Upload and Download" privileges in Webmin 1.900 to upload a crafted .cgi file.
The severity of CVE-2019-9624 is rated as high, with a CVSS score of 7.8.
To fix CVE-2019-9624, it is recommended to update Webmin to a version that has patched the vulnerability.
More information about CVE-2019-9624 can be found at the following references: [link1], [link2], [link3].