Vulnerabilities > Webmin > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-25 | CVE-2022-36446 | Improper Encoding or Escaping of Output vulnerability in Webmin software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. | 9.8 |
| 2020-12-21 | CVE-2020-35606 | OS Command Injection vulnerability in Webmin Arbitrary command execution can occur in Webmin through 1.962. | 9.0 |
| 2019-08-16 | CVE-2019-15107 | OS Command Injection vulnerability in Webmin An issue was discovered in Webmin <=1.920. | 9.8 |
| 2019-06-15 | CVE-2019-12840 | OS Command Injection vulnerability in Webmin In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi. | 9.0 |
| 2007-09-24 | CVE-2007-5066 | Improper Input Validation vulnerability in Webmin Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL. | 9.0 |
| 2005-05-02 | CVE-2005-1177 | Denial-Of-Service vulnerability in Usermin Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. | 10.0 |
| 2003-03-03 | CVE-2003-0101 | miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges. | 10.0 |
| 2002-12-31 | CVE-2002-2360 | Permissions, Privileges, and Access Controls vulnerability in Webmin The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests. | 9.3 |
| 2002-12-31 | CVE-2002-2201 | Remote Security vulnerability in Webmin The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name. | 10.0 |
| 2001-12-17 | CVE-2001-1196 | Directory Traversal vulnerability in Webmin 0.91 Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument. | 10.0 |