Vulnerability Details CVE-2021-31762
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.227
EPSS Ranking 95.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html
- https://github.com/Mesh3l911/CVE-2021-31762
- https://github.com/electronicbots/CVE-2021-31762
- https://github.com/webmin/webmin
- https://youtu.be/qCvEXwyaF5U
- http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html
- https://github.com/Mesh3l911/CVE-2021-31762
- https://github.com/electronicbots/CVE-2021-31762
- https://github.com/webmin/webmin
- https://youtu.be/qCvEXwyaF5U