All Products
Document Center

[Vulnerability notice] Remote command injection vulnerability in Webmin and Usermin

Last Updated: Apr 02, 2018

Vulnerability description

Webmin is a web-based interface for system administration of Unix. Using any web browser, you can configure user accounts, Apache, DNS, file sharing, and more.

Webmin versions earlier than 1.600 have a remote command injection vulnerability. Successfully exploiting this vulnerability allows attackers to run arbitrary operating system commands in affected application context.

How to fix

The vendor has released a patch to fix this vulnerability. You can download the patch from