CVE-2019-12840 – Webmin/Webmin – OS command injection vulnerability
CVE-2019-12840 is an OS command injection vulnerability impacting Webmin versions 1.910 and earlier. A Metasploit module was observed in open source. A security researcher disclosed a new method that bypasses the patch issued for this vulnerability in July, 2019.
Summary:
CVE-2019-12840 is an OS command injection vulnerability impacting Webmin versions 1.910 and earlier. A Metasploit module was observed in open source. A security researcher disclosed a new method that bypasses the patch issued for this vulnerability in July, 2019.
PoC Links(if available):
Exploit DB Metasploit module –
https://www.exploit-db.com/exploits/46984
Known Counter Measures:
The vendor first addressed the vulnerability in Webmin version 1.920 which was released in July, 2019. However, it was reported that the 2019 patch release was ineffective which resulted in CVE-2020-35606.
Links to patches(if available)
https://www.webmin.com/download.html