CRITICAL🇬🇧 English

CVE-2018-8712

CVSS 9.8v3.0pub. 2018-03-14upd. 2024-11-21

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the '/etc/shadow' file via a "GET /syslog/save_log.cgi?view=1&file=/etc/shadow" request.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Webmin

    APP
    Webmin
    1.8401.880
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2019-15107CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injecti...

CVE-2022-36446CRITICAL9.8ten sam produkt

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

CVE-2021-32157CRITICAL9.6ten sam produkt

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.

CVE-2021-31761CRITICAL9.6ten sam produkt

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through W...

CVE-2020-35769CRITICAL9.8ten sam produkt

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.