CVE-2022-0824 HIGH

CVE-2022-0824: Improper Access Control to Remote Code Execution in webmin/webmin

Vendor Webmin
Product webmin/webmin
Weakness CWE-284
Published March 2, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.

Key dates

02Disclosure timeline

March 2, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-28511 This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches t ... CVE-2023-43748 CVE-2024-10353 SourceCodester Online Exam System admin-dashboard access control CVE-2022-28778 CVE-2024-0324 User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update