Vulnerabilities > Webmin > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-21 | CVE-2020-35606 | OS Command Injection vulnerability in Webmin. Arbitrary command execution can occur in Webmin through 1.962. | 8.8 |
2019-08-26 | CVE-2019-15642 | Code Injection vulnerability in Webmin. rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. | 8.8 |
2019-06-15 | CVE-2019-12840 | OS Command Injection vulnerability in Webmin. In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi. | 8.8 |
2019-03-07 | CVE-2019-9624 | Improper Privilege Management vulnerability in Webmin 1.900. Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI. | 7.8 |
2017-10-19 | CVE-2017-15645 | Cross-Site Request Forgery (CSRF) vulnerability in Webmin. CSRF exists in Webmin 1.850. | 8.8 |
2017-10-19 | CVE-2017-15644 | Server-Side Request Forgery (SSRF) vulnerability in Webmin. SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | 8.6 |