#Webmin authentic theme Patch#
It is possible to download the exploit at .Īpplying the patch 6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d is able to eliminate this problem. Technical details and also a public exploit are known. The requirement for exploitation is a single authentication.
Download: authentic-theme-19.93.1.wbt. Managing servers, operating systems and applications has never been so easy. This vulnerability was named CVE-2022-30708 since. Authentic Theme is modern, ultrafast single-page application for Webmin/Usermin that is made with love. This occurs because settings-editor_write.cgi does not properly restrict the file parameter. Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). Version 19.91.3 (April 28, 2022) Add improvements to login screen Fix spinners inside of tiny buttons Fi buttons to be displayed unconditionally on the. This occurs because settings-editorwrite.cgi does not properly restrict the file parameter. As an impact it is known to affect confidentiality, integrity, and availability. Description: Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). The manipulation of the argument file with an unknown input leads to a privilege escalation vulnerability. This vulnerability affects an unknown code block of the file settings-editor_write.cgi of the component Authentic Theme. A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability classified as critical was found in Webmin up to 1.991 ( Software Management Software). The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks.
0 kommentar(er)
