cbcvebase.
CVE-2012-2983
published 2012-09-11

Priority: P3 (44)
Severity: medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploit: public
EPSS: 20.46% (97.2nd percentile)
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.

Affected

39 ranges · showing 25 (only the first row survived extraction with version data; the remaining rows listed the same vendor and product with no version range)

Vendor   Product   Version range   Fixed in
gentoo   webmin    <= 1.590

Detection & IOCs (extracted from sources)

path: /file/edit_html.cgi
version: Webmin 1.580
  • Monitor HTTP requests to /file/edit_html.cgi whose 'file' parameter names a path outside the directories the File Manager is expected to serve: an absolute path such as /etc/passwd or /etc/shadow, or a directory traversal sequence such as '../'. The CGI takes the path straight from the 'file' field, so traversal is not required for exploitation and a detection keyed only on '../' will miss the simplest requests.
  • Exploitation requires an authenticated session with access to the File Manager Module, so exploiting requests carry a valid Webmin session; alert on authenticated users reading files outside expected web root directories rather than on unauthenticated hits.
  • The Metasploit auxiliary module 'auxiliary/admin/webmin/edit_html_fileaccess' can be used to validate exposure; requests matching its pattern in logs, or IDS signatures written for it, indicate active use of exploitation tooling.
  • Exploitation requires the attacker to be authenticated and to have access to the File Manager Module; unauthenticated exploitation is not possible.
  • The Metasploit module was tested specifically against Webmin 1.580 on Ubuntu 10.04; behaviour on other OS/version combinations may differ.
  • NVD lists Webmin 1.590 and earlier as the vulnerable range, while the Metasploit module specifically targets 1.580; detections should cover the full range up to and including 1.590.
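The detection logic described above, as an added example (not code from this page, from Webmin, or from the Metasploit module): a Python scanner that reads combined-format access-log lines and flags /file/edit_html.cgi requests whose 'file' parameter resolves outside an allow-list of File Manager roots. It catches absolute paths, '../' traversal that normalizes outside the roots, and a double-encoded parameter. The log format, the EXPECTED_ROOTS list and the sample log lines are assumptions constructed for the example.

```python
"""Flag CVE-2012-2983 style reads via Webmin's /file/edit_html.cgi 'file' parameter.

Added illustration; not Webmin code and not the Metasploit module. The log format
(Apache/nginx combined), EXPECTED_ROOTS and SAMPLE_LOG are assumptions.
"""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Directories a legitimate File Manager edit is expected to touch (assumption;
# tune to the host's real web roots).
EXPECTED_ROOTS = ("/var/www", "/home")

# Combined log format: ip ident user [ts] "METHOD target HTTP/x.y" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def requested_file(target):
    """Return the decoded 'file' parameter of an edit_html.cgi request, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/file/edit_html.cgi"):
        return None
    values = parse_qs(parts.query).get("file")
    if not values:
        return None
    # parse_qs already decoded once; decode again so a double-encoded
    # value such as %252Fetc%252Fpasswd is seen as /etc/passwd.
    return unquote(values[0])


def outside_expected_roots(path):
    """True when the normalized path does not sit under any expected root."""
    norm = posixpath.normpath(path)
    if not norm.startswith("/"):
        # Relative path: the CGI resolves it against its own cwd, so any
        # traversal component is suspicious; plain relative names are not.
        return ".." in path.split("/")
    return not any(norm == root or norm.startswith(root + "/") for root in EXPECTED_ROOTS)


def scan(log_lines):
    """Return (ip, user, requested_file) for each suspicious edit_html.cgi request."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        f = requested_file(m.group("target"))
        if f is None:
            continue
        if outside_expected_roots(f):
            hits.append((m.group("ip"), m.group("user"), f))
    return hits


# Constructed sample traffic (not real logs): one benign edit, three reads
# outside the web root, one unrelated File Manager request.
SAMPLE_LOG = [
    '203.0.113.5 - admin [11/Sep/2012:10:00:01 +0000] "GET /file/edit_html.cgi?file=/var/www/html/index.html HTTP/1.1" 200 512',
    '203.0.113.5 - admin [11/Sep/2012:10:00:07 +0000] "GET /file/edit_html.cgi?file=/etc/shadow&text=1 HTTP/1.1" 200 1189',
    '203.0.113.5 - admin [11/Sep/2012:10:00:09 +0000] "GET /file/edit_html.cgi?file=/var/www/html/../../../etc/passwd HTTP/1.1" 200 1600',
    '203.0.113.5 - admin [11/Sep/2012:10:00:11 +0000] "GET /file/edit_html.cgi?file=%252Fetc%252Fpasswd HTTP/1.1" 200 1600',
    '198.51.100.9 - - [11/Sep/2012:10:01:00 +0000] "GET /file/index.cgi HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious edit_html.cgi file read:", hit)
```

The scanner deliberately normalizes with posixpath.normpath before comparing against the roots, so a traversal that ends up inside an allowed root is not reported while one that escapes it is; a detection that only greps for '../' would miss the plain absolute-path request, which is the form the CVE description actually covers.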