CVE-2022-36446 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in Webmin affects v. before 1.997.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 3 days
Scan only one
Domain, IPv4, Subdomain
Toolbox
-
Webmin is a powerful web-based server administration tool used by organizations of all sizes to manage their Linux systems. It provides a user-friendly interface that allows users to manage various aspects of their server, monitoring system processes, managing user accounts, configuring network settings, and much more. Webmin simplifies and streamlines the management of servers by providing an easy-to-use interface accessible from any web-enabled device.
CVE-2022-36446 is a vulnerability detected in the software/apt-lib.pl file in Webmin before version 1.997. This vulnerability is due to a lack of HTML escaping for a user interface (UI) command. As a result, an attacker can easily inject malicious code into the UI command, which can be executed on the target server. A successful exploit can lead to the complete compromise of the vulnerable system, allowing attackers to carry out a range of malicious activities.
When exploited, the vulnerability can lead to a number of potentially devastating consequences to the affected system. Attackers can gain access to sensitive information, such as login credentials, financial data, and intellectual property. They can also use the compromised system to launch further attacks against other systems on the network, potentially leading to extensive damage to the organization and its stakeholders.
As part of the s4e.io platform, users can easily access comprehensive reports on the vulnerabilities in their digital assets. The platform provides advanced features to detect and report on potential threats, allowing users to quickly identify and remediate vulnerabilities before they can be exploited. With the help of s4e.io's pro features, users can secure their digital assets and protect their organizations against malicious attacks.
REFERENCES
- http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html
- https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b
- https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde
- https://github.com/webmin/webmin/compare/1.996...1.997
- https://www.exploit-db.com/exploits/50998
