file/edit_html.cgi in Webmin 1.590 and earlier does not...
Moderate severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Jan 28, 2023
Description
Published by the National Vulnerability Database
Sep 11, 2012
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Jan 28, 2023
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
References