Webmin allows execution of arbitrary commands
The Webmin open source remote administration application allows administrators with restricted privileges to execute arbitrary commands. By passing special parameters in URLs, administrators can cause command execution, thereby escalating their privileges. The developers have not disclosed the nature of the required parameters, but have stated that only the Windows version is affected. Webmin 1.370, in which the vulnerability is fixed, has been released for download. Users of Windows versions of Webmin should install the new package as soon as possible.
- Security advisory from the Webmin development team
- Download the latest version of Webmin
(mba)