First published: Sun Apr 25 2021
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Webmin Webmin | =1.973 | |
CVE-2021-31762 is a Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973 that allows attackers to create a privileged user and gain unauthorized access.
The severity of CVE-2021-31762 is rated as high, with a CVSS score of 8.8.
Webmin 1.973 is affected by CVE-2021-31762.
An attacker can exploit CVE-2021-31762 by performing a Cross-Site Request Forgery (CSRF) attack to create a privileged user through Webmin's add users feature and then gain reverse shell access through Webmin's running process feature.
At the time of writing, there is no official patch or fix available for CVE-2021-31762. It is recommended to update to a newer version of Webmin once a patch is released.