Arbitrary Code Execution Vulnerability in Webmin 1.900 via Java File Manager and Upload/Download Privileges
CVE-2019-9624 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
Learn more about our Web Application Penetration Testing UK.