Vulnerability in N/a
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
EPSS: 0.929 (99.8th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde (x_refsource_MISC)
- github.com/webmin/webmin/compare/1.996...1.997 (x_refsource_MISC)
- packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html (x_refsource_MISC)
- www.exploit-db.com/exploits/50998 (x_refsource_MISC)
- gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b (x_refsource_MISC)
- packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.h… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-36446?
- CVE-2022-36446 is a vulnerability in N/a. Published 2022-07-25.
- Is CVE-2022-36446 known to be exploited?
- 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.