Skip to content
/ CVE-2022-0824 Public

Deployement of Webmin version 1.984 which is vulnerable to authenticated remote code execution exploit.

License

MIT license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

honypot/CVE-2022-0824

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
.github/workflows
.github/workflows
 
 
webmin
webmin
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yaml
docker-compose.yaml
 
 

Repository files navigation

CVE-2022-0824

Docker

Deployement of Webmin version 1.984 which is vulnerable to authenticated remote code execution exploit.

Description

In Webmin version 1.984, affecting File Manager module, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as download file from remote URL and change file permission, chmod. It is possible to achieve Remote Code Execution via a crafted .cgi file by chaining those functionalities in the file manager.

Deployement

docker-compose up -d

Login Credentials

root:password

Volumes

$PWD/CVE-2022-0824/data → /var/webmin

Proof of Concept

Impact

This vulnerability is capable of modifying the OS file system and executing OS Command with running application privilege.

References

About

Deployement of Webmin version 1.984 which is vulnerable to authenticated remote code execution exploit.

Topics

vulnerability cve webmin cve-2022-0824

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages