CVE-2021-31760

{"id": "CVE-2021-31760", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-04-25T19:15:08.173", "references": [{"url": "https://github.com/Mesh3l911/CVE-2021-31760", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/electronicbots/CVE-2021-31760", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/webmin/webmin", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://youtu.be/D45FN8QrzDo", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature."}, {"lang": "es", "value": "Webmin versi\u00f3n 1.973, esta afectado por una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) para lograr una Ejecuci\u00f3n de Comandos Remota (RCE) por medio de la funcionalidad Webmin's running process"}], "lastModified": "2021-04-28T16:03:33.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}