Vulnerabilities > Webmin > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-45692 Infinite Loop vulnerability in multiple products
Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
network
low complexity
virtualmin webmin CWE-835
7.5
7.5
2022-10-25 CVE-2022-35132 OS Command Injection vulnerability in Webmin Usermin
Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module.
network
low complexity
webmin CWE-78
8.8
8.8
2022-05-15 CVE-2022-30708 Unspecified vulnerability in Webmin
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin).
network
low complexity
webmin
8.8
8.8
2022-04-11 CVE-2021-32156 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
network
low complexity
webmin CWE-352
8.8
8.8
2022-04-11 CVE-2021-32159 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
network
low complexity
webmin CWE-352
8.8
8.8
2022-04-11 CVE-2021-32162 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
network
low complexity
webmin CWE-352
8.8
8.8
2022-03-02 CVE-2022-0824 Improper Access Control vulnerability in Webmin
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
network
low complexity
webmin CWE-284
8.8
8.8
2022-03-02 CVE-2022-0829 Improper Authorization vulnerability in Webmin
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
network
low complexity
webmin CWE-285
8.1
8.1
2021-04-25 CVE-2021-31762 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
network
low complexity
webmin CWE-352
8.8
8.8
2021-04-25 CVE-2021-31760 Cross-Site Request Forgery (CSRF) vulnerability in Webmin 1.973
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.
network
low complexity
webmin CWE-352
8.8
8.8