Vulnerabilities > CVE-2001-1530 - Local Security vulnerability in Webmin 0.80/0.88
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
| NASL family | CGI abuses |
| NASL id | WEBMIN_0_80_88.NASL |
| description | According to its self-reported version, the Webmin install hosted on the remote host is 0.80 or 0.88. It is, therefore, affected by an issue in run.cgi which allows for the creation of temporary files with world-writable permissions, which could lead to arbitrary code execution. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 108535 |
| published | 2018-03-22 |
| reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/108535 |
| title | Webmin 0.80 / 0.88 world-writable files |