edit-icon download-icon

[Vulnerability notice] Remote command injection vulnerability in Webmin and Usermin

Last Updated: Apr 02, 2018

Vulnerability description

Webmin is a web-based interface for system administration of Unix. Using any web browser, you can configure user accounts, Apache, DNS, file sharing, and more.

Webmin versions earlier than 1.600 have a remote command injection vulnerability. Successfully exploiting this vulnerability allows attackers to run arbitrary operating system commands in affected application context.

How to fix

The vendor has released a patch to fix this vulnerability. You can download the patch from http://www.webmin.com/webmin/.

Thank you! We've received your feedback.