VYPR
Unrated severityNVD Advisory· Published May 15, 2022· Updated Aug 3, 2024

CVE-2022-30708

CVE-2022-30708

Description

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Webmin/Webmincpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=1.991

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.