Main Vulnerability Database Exploits ID:4134 - Exploit for Improper Authentication in Webmin - CVE-2012-2983

ID:4134 - Exploit for Improper Authentication in Webmin - CVE-2012-2983

Published: August 11, 2020

Vulnerability identifier: #VU43568

Vulnerability risk: Medium

CVE-ID: CVE-2012-2983

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
Webmin

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/admin/webmin/edit_html_fileaccess

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.

Remediation

Install update from vendor's website.

ID:4134 - Exploit for Improper Authentication in Webmin - CVE-2012-2983

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human