VDB

CVE-2022-30708

CVE-2022-30708 PUBLISHED CVSS 8.800000190734863 HIGH

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.

EPSS 4.70% · 89.6th percentile

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N
EPSS Score
4.70%
89.6th percentile

Affected Products

VendorProductVersions
webminwebmin0
n/an/an/a

Timeline

  • May 15, 2022 EPSS Score
  • May 15, 2022 CVE Published
  • Aug 22, 2022 EPSS Score
  • Oct 10, 2022 EPSS Score
  • Jan 17, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Jun 13, 2023 EPSS Score
  • Aug 1, 2023 EPSS Score
  • Nov 8, 2023 EPSS Score
  • Dec 27, 2023 EPSS Score
  • Apr 3, 2024 EPSS Score
  • May 22, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›