GCVE - cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*

part: a version: 1.480 update: *

Vendor	Gentoo (`7fa277de-5a05-5db1-a5d1-2f4db074c494`)
Product	Webmin (`47ccfb99-e495-5efd-9707-44e022963268`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:bitbucket/dilos/webmin`	purl2cpe	2026-06-01 10:12:48.597107
`pkg:github/webmin/webmin`	purl2cpe	2026-06-01 10:12:48.597109
`pkg:rpm/opensuse/webmin`	purl2cpe	2026-06-01 10:12:48.597110
`pkg:sourceforge/webadmin`	purl2cpe	2026-06-01 10:12:48.597111

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-4893`	vulnerable	2026-06-03 14:32:26.074075	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982. Published: 2012-09-11T19:00:00.000Z Updated: 2024-09-16T17:53:18.089Z Open on db.gcve.eu Reference links http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf http://www.kb.cert.org/vuls/id/788478 http://americaninfosec.com/research/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2983`	vulnerable	2026-06-03 14:31:56.137108	Details available file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. Published: 2012-09-11T18:00:00.000Z Updated: 2024-08-06T19:50:05.319Z Open on db.gcve.eu Reference links http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf http://www.kb.cert.org/vuls/id/788478 http://www.securitytracker.com/id?1027507 http://americaninfosec.com/research/index.html https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2982`	vulnerable	2026-06-03 14:31:56.135802	Details available file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a \| (pipe) character. Published: 2012-09-11T18:00:00.000Z Updated: 2024-08-06T19:50:05.315Z Open on db.gcve.eu Reference links http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf http://www.kb.cert.org/vuls/id/788478 https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213 http://www.securitytracker.com/id?1027507 http://americaninfosec.com/research/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2981`	vulnerable	2026-06-03 14:31:56.130699	Details available Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter. Published: 2012-09-11T18:00:00.000Z Updated: 2024-08-06T19:50:05.335Z Open on db.gcve.eu Reference links http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf http://www.kb.cert.org/vuls/id/788478 http://www.securitytracker.com/id?1027507 http://americaninfosec.com/research/index.html https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.