HIGH🇵🇱 Wersja polska

CVE-2022-35132

CVSS 8.8v3.1pub. 2022-10-25upd. 2025-05-07

Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Webmin Usermin

    APP
    Webmin
    ≤ 1.850
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2015-2079CRITICAL9.9PL ✓ten sam produkt

RCE w Usermin przez błędne wywołanie Perl open() w uconfig_save.cgi

CVE-2024-44762MEDIUM5.3ten sam produkt

A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumer...

CVE-2024-36453MEDIUM6.1ten sam produkt

Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin v...

CVE-2023-41157MEDIUM5.4ten sam produkt

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject a...

CVE-2023-41159MEDIUM5.4ten sam produkt

A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allow...