CVE-2012-2983

file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
gentoowebmin
𝑥
≤ 1.590
gentoowebmin
1.140
gentoowebmin
1.150
gentoowebmin
1.160
gentoowebmin
1.170
gentoowebmin
1.180
gentoowebmin
1.200
gentoowebmin
1.210
gentoowebmin
1.220
gentoowebmin
1.230
gentoowebmin
1.240
gentoowebmin
1.260
gentoowebmin
1.270
gentoowebmin
1.280
gentoowebmin
1.290
gentoowebmin
1.300
gentoowebmin
1.310
gentoowebmin
1.320
gentoowebmin
1.330
gentoowebmin
1.340
gentoowebmin
1.370
gentoowebmin
1.380
gentoowebmin
1.390
gentoowebmin
1.400
gentoowebmin
1.410
gentoowebmin
1.420
gentoowebmin
1.430
gentoowebmin
1.440
gentoowebmin
1.450
gentoowebmin
1.470
gentoowebmin
1.480
gentoowebmin
1.500
gentoowebmin
1.510
gentoowebmin
1.520
gentoowebmin
1.530
gentoowebmin
1.550
gentoowebmin
1.560
gentoowebmin
1.570
gentoowebmin
1.580
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://americaninfosec.com/research/index.html
http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf
http://www.kb.cert.org/vuls/id/788478
http://www.securitytracker.com/id?1027507
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80
http://americaninfosec.com/research/index.html
http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf
http://www.kb.cert.org/vuls/id/788478
http://www.securitytracker.com/id?1027507
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80