Vulnerability Details : CVE-2022-36446
Public exploit exists!
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
Products affected by CVE-2022-36446
- cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-36446
97.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2022-36446
-
Webmin Package Updates RCE
Disclosure Date: 2022-07-26First seen: 2022-12-23exploit/linux/http/webmin_package_updates_rceThis module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager (`apt`, `yum`, etc.) to perform package updates and installation. Due to a lack of input sanitization, it is possibe to inject
CVSS scores for CVE-2022-36446
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2022-36446
-
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-36446
-
https://github.com/webmin/webmin/compare/1.996...1.997
Comparing 1.996...1.997 · webmin/webmin · GitHubRelease Notes;Third Party Advisory
-
http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html
Webmin 1.996 Remote Code Execution ≈ Packet StormThird Party Advisory;VDB Entry
-
https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b
CVE-2022-36446 · GitHubExploit;Third Party Advisory
-
https://www.exploit-db.com/exploits/50998
Webmin 1.996 - Remote Code Execution (RCE) (Authenticated) - Linux webapps ExploitThird Party Advisory;VDB Entry
-
https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde
Command to show in the UI should not be escaped, but the actual comma… · webmin/webmin@13f7bf9 · GitHubPatch;Third Party Advisory
-
http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html
Webmin Package Updates Command Injection ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to