ID:1531 - Exploit for Dangerous file upload in Webmin - CVE-2019-9624

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:1531 - Exploit for Dangerous file upload in Webmin - CVE-2019-9624

ID:1531 - Exploit for Dangerous file upload in Webmin - CVE-2019-9624

Published: March 18, 2020


Vulnerability identifier: #VU17929
Vulnerability risk: Medium
CVE-ID: CVE-2019-9624
CWE-ID: CWE-434
Exploitation vector: Remote access
Vulnerable software:
Webmin

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the application allows uploading of .cgi files via the /updown/upload.cgi URL. A remote authenticated attacker with Java file manager and Upload and Download privileges can upload and execute arbitrary .cgi file on the server with root privileges.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.