CVE-2022-36446
Source: https://nvd.nist.gov/vuln/detail/CVE-2022-36446
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36446.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2022-36446
Published: 2022-07-25T06:15:07Z
Modified: 2025-01-08T14:18:42.346159Z
Severity: 9.8 (Critical)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
References
http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html
http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html
https://www.exploit-db.com/exploits/50998
https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b
https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde
https://github.com/webmin/webmin/compare/1.996...1.997
Affected packages
Git / github.com/webmin/webmin
Affected ranges
Type: GIT
Repo: https://github.com/webmin/webmin
Events
Introduced: 0 (Unknown introduced commit / All previous commits are affected)
Fixed: 13f7bf9621a82d93f1e9dbd838d1e22020221bde
Affected versions
1.*
1.700
1.710
1.720
1.730
1.740
1.750
1.760
1.770
1.780
1.790
1.800
1.801
1.810
1.820
1.830
1.831
1.840
1.850
1.860
1.870
1.880
1.890
1.900
1.910
1.920
1.930
1.940
1.941
1.950
1.951
1.953
1.954
1.955
1.960
1.962
1.970
1.972
1.973
1.974
1.979
1.980
1.982
1.983
1.984
1.990
1.991
1.993
1.994
1.995
1.996