Main Vulnerability Database Vulnerabilities #VU17929

#VU17929 Dangerous file upload in Webmin - CVE-2019-9624

Published: March 8, 2019

Vulnerability identifier: #VU17929

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:A/U:Green

CVE-ID: CVE-2019-9624

CWE-ID: CWE-434

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Webmin

Software vendor:
Webmin

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the application allows uploading of .cgi files via the /updown/upload.cgi URL. A remote authenticated attacker with Java file manager and Upload and Download privileges can upload and execute arbitrary .cgi file on the server with root privileges.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html
https://www.exploit-db.com/exploits/46201

#VU17929 Dangerous file upload in Webmin - CVE-2019-9624

Description

Remediation

External links

Please verify you're human