Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 14 May 2025 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Webmin
Webmin usermin
Weaknesses CWE-94
CPEs cpe:2.3:a:webmin:usermin:*:*:*:*:*:*:*:*
Vendors & Products Webmin
Webmin usermin

Mon, 28 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 28 Apr 2025 15:00:00 +0000

Type Values Removed Values Added
Description Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.
Weaknesses CWE-96
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-04-28T15:26:11.894Z

Reserved: 2015-02-24T00:00:00.000Z

Link: CVE-2015-2079

cve-icon Vulnrichment

Updated: 2025-04-28T15:17:24.931Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-28T15:15:44.007

Modified: 2025-05-14T18:59:44.720

Link: CVE-2015-2079

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.