Vulnerability Details : CVE-2019-15107
Public exploit exists!
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Products affected by CVE-2019-15107
- cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
CVE-2019-15107 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Webmin Command Injection Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2019-15107
Added on
2022-03-25
Action due date
2022-04-15
Exploit prediction scoring system (EPSS) score for CVE-2019-15107
97.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2019-15107
-
Webmin password_change.cgi Backdoor
Disclosure Date: 2019-08-10First seen: 2020-04-26exploit/linux/http/webmin_backdoorThis module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attacker(s) inserted Perl qx statements into the build server's s
CVSS scores for CVE-2019-15107
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-15107
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-15107
-
http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html
Webmin 1.920 Remote Code Execution ≈ Packet StormThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/47230
Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)Exploit;Third Party Advisory;VDB Entry
-
http://www.webmin.com/security.html
WebminVendor Advisory
-
http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html
Webmin 1.920 password_change.cgi Backdoor ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html
Webmin 1.920 Remote Command Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection
AttackerKB | Webmin password_change.cgi Command InjectionThird Party Advisory
-
http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html
Webmin 1.920 Remote Command Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
Pentest Blog - Self-Improvement to Ethical HackingExploit;Third Party Advisory
Jump to