CVE-2022-36446
- Source
- https://cve.org/CVERecord?id=CVE-2022-36446
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36446.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-36446
- Published
- 2022-07-25T06:15:07.900Z
- Modified
- 2025-11-14T12:15:54.099269Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
- References
-
- http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html
- https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b
- https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde
- https://github.com/webmin/webmin/compare/1.996...1.997
- https://www.exploit-db.com/exploits/50998
Affected packages
Git / github.com/webmin/webmin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/webmin/webmin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.700
1.710
1.720
1.730
1.740
1.750
1.760
1.770
1.780
1.790
1.800
1.801
1.810
1.820
1.830
1.831
1.840
1.850
1.860
1.870
1.880
1.890
1.900
1.910
1.920
1.930
1.940
1.941
1.950
1.951
1.953
1.954
1.955
1.960
1.962
1.970
1.972
1.973
1.974
1.979
1.980
1.982
1.983
1.984
1.990
1.991
1.993
1.994
1.995
1.996