First published: Sun May 15 2022(Updated: )
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Webmin Webmin | <=1.991 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-30708 is a vulnerability in Webmin through version 1.991 that allows remote code execution.
The severity of CVE-2022-30708 is high, with a severity value of 8.8.
Webmin versions up to and including 1.991 are affected by CVE-2022-30708.
CVE-2022-30708 allows remote code execution when a user has been manually created in Webmin using the Authentic theme.
Yes, updating Webmin to a version beyond 1.991 can fix the CVE-2022-30708 vulnerability.