What is CVE-2020-35606?

CVE-2020-35606 is a vulnerability in N/a. Published 2020-12-21.

Is CVE-2020-35606 known to be exploited?

17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-35606

Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an…

EPSS: 0.770 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

anasbousselham/webminscan
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
EdgeSecurityTeam/Vulnerability
SexyBeast233/SecBooks
alphaSeclab/sec-daily-2020
developer3000S/PoC-in-GitHub
dudek-marcin/Poc-Exp
fofapro/vulfocus-java
fofapro/vulfocus-py

References

www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Executi… (x_refsource_MISC)
www.webmin.com/download.html (x_refsource_MISC)
packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html (x_refsource_MISC)
49318 (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2020-35606?: CVE-2020-35606 is a vulnerability in N/a. Published 2020-12-21.
Is CVE-2020-35606 known to be exploited?: 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.