VYPR
Unrated severityNVD Advisory· Published Aug 26, 2019· Updated Aug 5, 2024

CVE-2019-15642

CVE-2019-15642

Description

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Webmin/Webmindescription
  • Webmin/Webminllm-fuzzy
    Range: <=1.920

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.