What is CVE-2019-15642?

CVE-2019-15642 is a vulnerability in N/a. Published 2019-08-26.

Is CVE-2019-15642 known to be exploited?

43 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-15642

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command o…

EPSS: 0.929 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

www.calypt.com/blog/index.php/authenticated-rce-on-webmin/ (x_refsource_MISC)
github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c (x_refsource_MISC)
github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi (x_refsource_MISC)
doxfer.webmin.com/Webmin/Webmin_Servers_Index (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-15642?: CVE-2019-15642 is a vulnerability in N/a. Published 2019-08-26.
Is CVE-2019-15642 known to be exploited?: 43 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.