ID:9059 - Exploit for Command Injection in Webmin - CVE-2019-15107
Published: May 9, 2023
Vulnerability identifier: #VU20412
Vulnerability risk: High
CVE-ID: CVE-2019-15107
CWE-ID: CWE-77
Exploitation vector: Remote access
Vulnerable software:
Webmin
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary commands on a targeted system.
The vulnerability exists due to insufficient validation of user-supplied input in the "password_change.cgi" script. A remote attacker can send a specially crafted HTTP request that submits malicious input to the password reset request form page and execute arbitrary commands with root privileges.
Note: this vulnerability is being exploited in the wild by the Roboto botnet.
Remediation
Install updates from the vendor's website.