CVE-2012-2982
Severity: Unknown | EPSS: 61.92%
Last modified
CVE-2012-2982 is a vulnerability of currently unknown severity. file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character. EPSS estimates a 61.92% chance of exploitation in the next 30 days.
Description
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gentoo | Webmin | <= 1.590 |
| Gentoo | Webmin | 1.140 |
| Gentoo | Webmin | 1.150 |
| Gentoo | Webmin | 1.160 |
| Gentoo | Webmin | 1.170 |
| Gentoo | Webmin | 1.180 |
| Gentoo | Webmin | 1.200 |
| Gentoo | Webmin | 1.210 |
| Gentoo | Webmin | 1.220 |
| Gentoo | Webmin | 1.230 |
| Gentoo | Webmin | 1.240 |
| Gentoo | Webmin | 1.260 |
| Gentoo | Webmin | 1.270 |
| Gentoo | Webmin | 1.280 |
| Gentoo | Webmin | 1.290 |
| Gentoo | Webmin | 1.300 |
| Gentoo | Webmin | 1.310 |
| Gentoo | Webmin | 1.320 |
| Gentoo | Webmin | 1.330 |
| Gentoo | Webmin | 1.340 |
| Gentoo | Webmin | 1.370 |
| Gentoo | Webmin | 1.380 |
| Gentoo | Webmin | 1.390 |
| Gentoo | Webmin | 1.400 |
| Gentoo | Webmin | 1.410 |
| Gentoo | Webmin | 1.420 |
| Gentoo | Webmin | 1.430 |
| Gentoo | Webmin | 1.440 |
| Gentoo | Webmin | 1.450 |
| Gentoo | Webmin | 1.470 |
| Gentoo | Webmin | 1.480 |
| Gentoo | Webmin | 1.500 |
| Gentoo | Webmin | 1.510 |
| Gentoo | Webmin | 1.520 |
| Gentoo | Webmin | 1.530 |
| Gentoo | Webmin | 1.550 |
| Gentoo | Webmin | 1.560 |
| Gentoo | Webmin | 1.570 |
| Gentoo | Webmin | 1.580 |
References
- http://www.kb.cert.org/vuls/id/788478 (Patch, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-2982?
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
How severe is CVE-2012-2982?
Severity scoring for CVE-2012-2982 is pending analysis. The EPSS model estimates a 61.92% probability of exploitation in the next 30 days.
How do I fix CVE-2012-2982?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
