CVE-2012-2982

file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
gentoowebmin
𝑥
≤ 1.590
gentoowebmin
1.140
gentoowebmin
1.150
gentoowebmin
1.160
gentoowebmin
1.170
gentoowebmin
1.180
gentoowebmin
1.200
gentoowebmin
1.210
gentoowebmin
1.220
gentoowebmin
1.230
gentoowebmin
1.240
gentoowebmin
1.260
gentoowebmin
1.270
gentoowebmin
1.280
gentoowebmin
1.290
gentoowebmin
1.300
gentoowebmin
1.310
gentoowebmin
1.320
gentoowebmin
1.330
gentoowebmin
1.340
gentoowebmin
1.370
gentoowebmin
1.380
gentoowebmin
1.390
gentoowebmin
1.400
gentoowebmin
1.410
gentoowebmin
1.420
gentoowebmin
1.430
gentoowebmin
1.440
gentoowebmin
1.450
gentoowebmin
1.470
gentoowebmin
1.480
gentoowebmin
1.500
gentoowebmin
1.510
gentoowebmin
1.520
gentoowebmin
1.530
gentoowebmin
1.550
gentoowebmin
1.560
gentoowebmin
1.570
gentoowebmin
1.580
𝑥
= Vulnerable software versions
References
http://americaninfosec.com/research/index.html
http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf
http://www.kb.cert.org/vuls/id/788478
http://www.securitytracker.com/id?1027507
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213
http://americaninfosec.com/research/index.html
http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf
http://www.kb.cert.org/vuls/id/788478
http://www.securitytracker.com/id?1027507
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213