CVE-2019-15107

An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.

Basic Information

CVE State: PUBLISHED
Reserved Date: August 15, 2019
Published Date: August 16, 2019
Last Updated: February 04, 2025
Vendor: n/a
Product: n/a
Description: An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-03-25 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2021-10-10 09:05:55 UTC) Source

References

http://www.webmin.com/security.html https://www.exploit-db.com/exploits/47230 http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-25 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/webmin_backdoor.rb	2025-04-29 11:01:16 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-15107.yaml	2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

webmin_backdoor

Type: metasploit • Created: Unknown

Metasploit module for CVE-2019-15107

MasterCode112/CVE-2019-15107

Type: github • Created: 2024-12-19 08:52:03 UTC • Stars: 0

webmin or minisever RCE

grayorwhite/CVE-2019-15107

Type: github • Created: 2024-09-25 17:22:52 UTC • Stars: 0

CVE-2019-15107 webmin 취약점에 대해서 직접 서버를 구축하고 공격 결과를 남긴 정보입니다.

NasrallahBaadi/CVE-2019-15107

Type: github • Created: 2024-08-29 13:58:36 UTC • Stars: 0

CVE-2019-15107 Webmin unauthenticated RCE

olingo99/CVE-2019-15107

Type: github • Created: 2023-11-09 12:14:11 UTC • Stars: 0

h4ck0rman/CVE-2019-15107

Type: github • Created: 2023-08-19 05:41:39 UTC • Stars: 0

K3ysTr0K3R/CVE-2019-15107-EXPLOIT

Type: github • Created: 2023-05-08 00:25:37 UTC • Stars: 6

A PoC exploit for CVE-2019-15107 - Webmin Remote Code Execution

g1vi/CVE-2019-15107

Type: github • Created: 2023-03-31 20:56:39 UTC • Stars: 0

webmin <=1.920 - RCE via command injection vulnerability

wenruoya/CVE-2019-15107

Type: github • Created: 2023-03-09 14:43:29 UTC • Stars: 2

CVE-2019-15107 图形化测试程序

CyberTuz/CVE-2019-15107_detection

Type: github • Created: 2021-10-10 09:05:55 UTC • Stars: 0

whokilleddb/CVE-2019-15107

Type: github • Created: 2021-07-02 19:51:18 UTC • Stars: 3

CVE-2019-15107 Webmin Exploit in C

diegojuan/CVE-2019-15107

Type: github • Created: 2020-12-03 15:43:39 UTC • Stars: 0

MuirlandOracle/CVE-2019-15107

Type: github • Created: 2020-11-09 21:46:57 UTC • Stars: 48

ruthvikvegunta/CVE-2019-15107

Type: github • Created: 2020-08-08 10:17:03 UTC • Stars: 5

Webmin <=1.920 RCE

cdedmondson/Modified-CVE-2019-15107

Type: github • Created: 2020-06-20 19:03:03 UTC • Stars: 0

ianxtianxt/CVE-2019-15107

Type: github • Created: 2019-12-15 13:42:28 UTC • Stars: 0

AleWong/WebminRCE-EXP-CVE-2019-15107-

Type: github • Created: 2019-10-24 05:19:20 UTC • Stars: 3

Remote Code Execution Vulnerability in Webmin

AdministratorGithub/CVE-2019-15107

Type: github • Created: 2019-08-23 11:10:01 UTC • Stars: 3

CVE-2019-15107 webmin python3

ketlerd/CVE-2019-15107

Type: github • Created: 2019-08-22 12:07:16 UTC • Stars: 0

Implementation of CVE-2019-15107 exploit in python

jas502n/CVE-2019-15107

Type: github • Created: 2019-08-19 07:43:16 UTC • Stars: 63

CVE-2019-15107 Webmin RCE (unauthorized)