Mandriva Linux Security Advisory 2014-062 - Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620. SA51201. The 1.680 version fixed security issues that could be exploited by un-trusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap perl module used by Webmin is also being provided. The updated packages have been upgraded to the 1.680 version which is not vulnerable to these issues.
27b82adda7cb7ed9776d3685dcfbfc3fe196fe892f153a6b846e4276aa1cd841
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.580. The vulnerability exists in the /file/show.cgi component and allows an authenticated user, with access to the File Manager Module, to execute arbitrary commands with root privileges. The module has been tested successfully with Webim 1.580 over Ubuntu 10.04.
d7e27005cef2dea975ee0263e61102bda3d07c173825124a4099ef2ae10c8605