software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b | Exploit Third Party Advisory |
https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde | Patch Third Party Advisory |
https://github.com/webmin/webmin/compare/1.996...1.997 | Release Notes Third Party Advisory |
https://www.exploit-db.com/exploits/50998 | Third Party Advisory VDB Entry |
Configurations
History
06 Oct 2022, 18:37
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.exploit-db.com/exploits/50998 - Third Party Advisory, VDB Entry | |
References | (MISC) https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b - Exploit, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html - Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry |
10 Aug 2022, 20:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Aug 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Aug 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Jul 2022, 01:33
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Webmin webmin
Webmin |
|
CPE | cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:* | |
CWE | CWE-116 | |
References | (MISC) https://github.com/webmin/webmin/compare/1.996...1.997 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde - Patch, Third Party Advisory |
25 Jul 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-25 06:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-36446
Mitre link : CVE-2022-36446
CVE.ORG link : CVE-2022-36446
JSON object : View
Products Affected
webmin
- webmin
CWE
CWE-116
Improper Encoding or Escaping of Output