CVE-2012-2982

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2012-2982
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2012-09-11 18:55:00 UTC
Updated2013-05-30 03:16:00 UTC
Descriptionfile/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Gentoo Webmin 1.140 All All All
Application Gentoo Webmin 1.150 All All All
Application Gentoo Webmin 1.160 All All All
Application Gentoo Webmin 1.170 All All All
Application Gentoo Webmin 1.180 All All All
Application Gentoo Webmin 1.200 All All All
Application Gentoo Webmin 1.210 All All All
Application Gentoo Webmin 1.220 All All All
Application Gentoo Webmin 1.230 All All All
Application Gentoo Webmin 1.240 All All All
Application Gentoo Webmin 1.260 All All All
Application Gentoo Webmin 1.270 All All All
Application Gentoo Webmin 1.280 All All All
Application Gentoo Webmin 1.290 All All All
Application Gentoo Webmin 1.300 All All All
Application Gentoo Webmin 1.310 All All All
Application Gentoo Webmin 1.320 All All All
Application Gentoo Webmin 1.330 All All All
Application Gentoo Webmin 1.340 All All All
Application Gentoo Webmin 1.370 All All All
Application Gentoo Webmin 1.380 All All All
Application Gentoo Webmin 1.390 All All All
Application Gentoo Webmin 1.400 All All All
Application Gentoo Webmin 1.410 All All All
Application Gentoo Webmin 1.420 All All All
Application Gentoo Webmin 1.430 All All All
Application Gentoo Webmin 1.440 All All All
Application Gentoo Webmin 1.450 All All All
Application Gentoo Webmin 1.470 All All All
Application Gentoo Webmin 1.480 All All All
Application Gentoo Webmin 1.500 All All All
Application Gentoo Webmin 1.510 All All All
Application Gentoo Webmin 1.520 All All All
Application Gentoo Webmin 1.530 All All All
Application Gentoo Webmin 1.550 All All All
Application Gentoo Webmin 1.560 All All All
Application Gentoo Webmin 1.570 All All All
Application Gentoo Webmin 1.580 All All All
Application Gentoo Webmin 1.140 All All All
Application Gentoo Webmin 1.150 All All All
Application Gentoo Webmin 1.160 All All All
Application Gentoo Webmin 1.170 All All All
Application Gentoo Webmin 1.180 All All All
Application Gentoo Webmin 1.200 All All All
Application Gentoo Webmin 1.210 All All All
Application Gentoo Webmin 1.220 All All All
Application Gentoo Webmin 1.230 All All All
Application Gentoo Webmin 1.240 All All All
Application Gentoo Webmin 1.260 All All All
Application Gentoo Webmin 1.270 All All All
Application Gentoo Webmin 1.280 All All All
Application Gentoo Webmin 1.290 All All All
Application Gentoo Webmin 1.300 All All All
Application Gentoo Webmin 1.310 All All All
Application Gentoo Webmin 1.320 All All All
Application Gentoo Webmin 1.330 All All All
Application Gentoo Webmin 1.340 All All All
Application Gentoo Webmin 1.370 All All All
Application Gentoo Webmin 1.380 All All All
Application Gentoo Webmin 1.390 All All All
Application Gentoo Webmin 1.400 All All All
Application Gentoo Webmin 1.410 All All All
Application Gentoo Webmin 1.420 All All All
Application Gentoo Webmin 1.430 All All All
Application Gentoo Webmin 1.440 All All All
Application Gentoo Webmin 1.450 All All All
Application Gentoo Webmin 1.470 All All All
Application Gentoo Webmin 1.480 All All All
Application Gentoo Webmin 1.500 All All All
Application Gentoo Webmin 1.510 All All All
Application Gentoo Webmin 1.520 All All All
Application Gentoo Webmin 1.530 All All All
Application Gentoo Webmin 1.550 All All All
Application Gentoo Webmin 1.560 All All All
Application Gentoo Webmin 1.570 All All All
Application Gentoo Webmin 1.580 All All All
Application Gentoo Webmin All All All All

References

ReferenceSourceLinkTags
www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_... CONFIRM www.xerox.com
Prevent use of commands in filename to show https://sourceforge.net/t… · webmin/webmin@1f1411f · GitHub CONFIRM github.com Exploit, Patch
Vulnerability Note VU#788478 - Webmin contains input validation vulnerabilities CERT-VN www.kb.cert.org Patch, US Government Resource
www.americaninfosec.com/research/dossiers/AISG-12-001.pdf MISC www.americaninfosec.com
American Information Security Group - Research MISC americaninfosec.com
Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code and View Arbitrary Files - SecurityTracker SECTRACK www.securitytracker.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report