Main Vulnerability Database SB2019081608

SB2019081608 - Remote command injection in Webmin

Published: August 16, 2019 Updated: May 9, 2023

Security Bulletin ID SB2019081608

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Command Injection (CVE-ID: CVE-2019-15107)

The vulnerability allows a remote attacker to execute arbitrary commands on a targeted system.

The vulnerability exists due to insufficient validation of user-supplied input in the "password_change.cgi" script. A remote attacker can send a specially crafted HTTP request that submits malicious input to the password reset request form page and execute arbitrary commands with root privileges.

Note, this vulnerability is being exploited in the wild by the Roboto botnet.

Remediation

Install update from vendor's website.

References

http://www.webmin.com/security.html
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/webmin_backdoor.rb