CVE-2020-35606

Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*

Information

Published : 2020-12-21 12:15

Updated : 2022-04-26 09:12


NVD link : CVE-2020-35606

Mitre link : CVE-2020-35606


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

webmin

  • webmin