Vulnerabilities > Webmin > High

DATE CVE VULNERABILITY TITLE RISK
2025-04-28 CVE-2015-2079 Code Injection vulnerability in Webmin Usermin
Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.
network
low complexity
webmin CWE-94
8.8
2024-09-04 CVE-2024-45692 Infinite Loop vulnerability in multiple products
Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
network
low complexity
virtualmin webmin CWE-835
7.5
2022-10-25 CVE-2022-35132 OS Command Injection vulnerability in Webmin Usermin
Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module.
network
low complexity
webmin CWE-78
8.8
2022-05-15 CVE-2022-30708 Unspecified vulnerability in Webmin
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin).
network
low complexity
webmin
8.8
2022-04-11 CVE-2021-32156 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
network
low complexity
webmin CWE-352
8.8
2022-04-11 CVE-2021-32159 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
network
low complexity
webmin CWE-352
8.8
2022-04-11 CVE-2021-32162 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
network
low complexity
webmin CWE-352
8.8
2022-03-02 CVE-2022-0824 Unspecified vulnerability in Webmin
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
network
low complexity
webmin
8.8
2022-03-02 CVE-2022-0829 Unspecified vulnerability in Webmin
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
network
low complexity
webmin
8.1
2021-04-25 CVE-2021-31762 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
network
low complexity
webmin CWE-352
8.8