Vulnerability Details : CVE-2022-0824
Public exploit exists!
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
Vulnerability category: Execute code, Bypass, Gain privilege
Products affected by CVE-2022-0824
- cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-0824
97.25%: Probability of exploitation activity in the next 30 days
~ 100%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2022-0824
- Webmin File Manager RCE
  Disclosure Date: 2022-02-26
  First seen: 2022-12-23
  exploit/linux/http/webmin_file_manager_rce
  In Webmin version 1.984, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as downloading files from remote URLs and changing file permissions. It is possible to achieve Remote Co
CVSS scores for CVE-2022-0824
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
8.3 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L | 2.8 | 5.5 | huntr.dev | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2022-0824
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: security@huntr.dev (Primary)
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Assigned by: nvd@nist.gov (Secondary)
References for CVE-2022-0824
- http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html
  Webmin 1.984 File Manager Remote Code Execution ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295
  Improper Access Control to Remote Code Execution vulnerability found in webmin (Exploit; Issue Tracking; Third Party Advisory)
- https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38
  Foreign module may need a check · webmin/webmin@39ea464 · GitHub (Patch; Third Party Advisory)
- http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html
  Webmin 1.984 Remote Code Execution ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html
  Broken Access Control To Post-Auth Remote Code Execution in Webmin (Exploit; Third Party Advisory)