Exploit for #VU20412 Command Injection in Webmin
Vulnerability identifier: #VU20412
Vulnerability risk: High
CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID:
CVE-2019-15107
CWE-ID:
CWE-77
Exploitation vector: Network
Exploits in database: 19
- May 9, 2023
- January 29, 2023
- verbose_happiness (This is a script that exploits a known vulnerability (CVE-2019-15107) in web applications, allowing an attacker to inject commands on the target server. It takes a file containing a list of target URLs as input and attempts to find vuln [Github]
- CVE-2019-15107 (This is a script that exploits a known vulnerability (CVE-2019-15107) in web applications, allowing an attacker to inject commands on the target server. It takes a file containing a list of target URLs as input and attempts to find vulnera [Github]
- December 4, 2022
- July 26, 2022
- June 30, 2022
- June 19, 2022
- June 12, 2022
- October 6, 2021
- June 17, 2021
- Webmin 1.920 - Remote Code Execution [Exploit-DB]
- September 16, 2020
- September 1, 2020
- CVE-2019-15107 (Webmin <=1.920 RCE) [Github]
- March 18, 2020
- Make-and-Break (Built a custom Virtual Machine, running Ubuntu 18.04.1 and Webmin 1.810. Using CVE-2019-15107 to exploit a backdoor in the Linux machine) [Github]
- CVE_2019_15107 (CVE_2019_15107 Webmin 1.920 Remote Code Execution Exploit) [Github]
- CVE-2019-15107 (Implementation of CVE-2019-15107 exploit in python) [Github]
- webminex (poc exploit for webmin backdoor (CVE-2019-15107 and CVE-2019-15231)) [Github]
- Webmin password_change.cgi Backdoor [Metasploit]
- Webmin password_change.cgi Backdoor [Metasploit]
Impact: Code execution
Vulnerable software:
Webmin
Web applications /
Remote management & hosting panels
Vendor: Webmin
