Lucene search

[email protected]NVD:CVE-2022-36446

HistoryJul 25, 2022 - 6:15 a.m.

CVE-2022-36446

2022-07-2506:15:07

CWE-116

[email protected]

web.nvd.nist.gov

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.969 High

EPSS

Percentile

99.7%

JSON

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

Affected configurations

NVD

Node

webminwebminRange<1.997

References

packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html

packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html

gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b

github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde

github.com/webmin/webmin/compare/1.996...1.997

www.exploit-db.com/exploits/50998

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.969 High

EPSS

Percentile

99.7%

JSON

Related for NVD:CVE-2022-36446

cvelist1 nuclei1 nessus1 githubexploit1 openvas1 zdt1 prion1 packetstorm2 cve1 osv1 metasploit1 exploitdb1 checkpoint_advisories1 rapid7blog1