Unrated severityNVD Advisory· Published Sep 11, 2012· Updated Apr 29, 2026
CVE-2012-2983
CVE-2012-2983
Description
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
Affected products
19cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*range: <=1.590
- cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.kb.cert.org/vuls/id/788478nvdPatchUS Government Resource
- americaninfosec.com/research/index.htmlnvd
- www.americaninfosec.com/research/dossiers/AISG-12-002.pdfnvd
- www.securitytracker.com/idnvd
- www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdfnvd
- github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80nvd
News mentions
0No linked articles in our index yet.