Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-32159
CVE-2021-32159:
Webmin vulnerability analysis and mitigation
Overview
A Cross-site request forgery (CSRF) vulnerability was identified in Webmin version 1.973 via the Upload and Download feature (MITRE CVE, GitHub POC). The vulnerability was discovered and reported in May 2021, affecting the web-based system administration tool used by over 1 million Unix-like servers worldwide.
Technical details
The vulnerability exists in the Upload and Download functionality of Webmin 1.973, allowing potential CSRF attacks that could lead to command injection. The issue was assigned CVE-2021-32159 and was discovered by security researchers Mesh3l_911 and Z0ldyck (GitHub POC).
Impact
If successfully exploited, this vulnerability could allow attackers to execute arbitrary commands on the affected system through the Upload and Download feature, potentially leading to unauthorized system access and control (GitHub POC).
Additional resources
Source: This report was generated using AI
Related Webmin vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management