What is CVE-2019-9624?

CVE-2019-9624 is a vulnerability in N/a. Published 2019-03-07.

Is CVE-2019-9624 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-9624

Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.

EPSS: 0.536 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

x0rbeexd/CVE-2019-9624
rapid7/metasploit-framework
InesMartins31/iot-cves

References

46201 (exploit, x_refsource_EXPLOIT-DB)
pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html (x_refsource_MISC)
www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-9624?: CVE-2019-9624 is a vulnerability in N/a. Published 2019-03-07.
Is CVE-2019-9624 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.