Vulnerabilities > CVE-2001-1530 - Unspecified vulnerability in Webmin 0.80/0.88
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN webmin
nessus
Summary
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
| NASL family | CGI abuses |
| NASL id | WEBMIN_0_80_88.NASL |
| description | According to its self-reported version, the Webmin install hosted on the remote host is 0.80 or 0.88. It is, therefore, affected by an issue in run.cgi which allows for the creation of temporary files with world-writable permissions, which could lead to arbitrary code execution. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 108535 |
| published | 2018-03-22 |
| reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/108535 |
| title | Webmin 0.80 / 0.88 world-writable files |