Improper Access Control to Remote Code Execution in webmin/webmin
Feb 17th 2022
In Webmin v1.984, affecting File Manager module, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as download file from remote URL and change file permission (chmod). It is possible to achieve Remote Code Execution via a crafted .cgi file by chaining those functionalities in the file manager.
Proof of Concept
Request file: Download file from remote URL , pwd:
Request file: Change file permission (chmod) , pwd:
This vulnerability is capable of modifying the OS file system and executing OS Command with running application privilege.