← Back

CVE-2014-3883

nvd nist
Published: Jun 21, 2014Modified: May 6, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action.

Affected (76)

Products: Webmin: Usermin
Webmin
1 product
Usermin
Configuration A
76 vulnerable
Vulnerable SoftwareAffected Versions
Webmin
Usermin
Up to 1.590
Usermin
Version 0.4
Usermin
Version 0.5
Usermin
Version 0.6
Usermin
Version 0.7
Usermin
Version 0.80
Usermin
Version 0.90
Usermin
Version 0.910
Usermin
Version 0.929
Usermin
Version 0.930
Usermin
Version 0.940
Usermin
Version 0.950
Usermin
Version 0.960
Usermin
Version 0.970
Usermin
Version 0.980
Usermin
Version 0.990
Usermin
Version 1.000
Usermin
Version 1.010
Usermin
Version 1.020
Usermin
Version 1.030
Usermin
Version 1.040
Usermin
Version 1.050
Usermin
Version 1.051
Usermin
Version 1.060
Usermin
Version 1.070
Usermin
Version 1.080
Usermin
Version 1.090
Usermin
Version 1.100
Usermin
Version 1.110
Usermin
Version 1.120
Usermin
Version 1.130
Usermin
Version 1.140
Usermin
Version 1.150
Usermin
Version 1.160
Usermin
Version 1.170
Usermin
Version 1.180
Usermin
Version 1.190
Usermin
Version 1.200
Usermin
Version 1.210
Usermin
Version 1.220
Usermin
Version 1.230
Usermin
Version 1.240
Usermin
Version 1.250
Usermin
Version 1.260
Usermin
Version 1.270
Usermin
Version 1.280
Usermin
Version 1.290
Usermin
Version 1.300
Usermin
Version 1.310
Usermin
Version 1.320
Usermin
Version 1.330
Usermin
Version 1.340
Usermin
Version 1.350
Usermin
Version 1.360
Usermin
Version 1.370
Usermin
Version 1.380
Usermin
Version 1.390
Usermin
Version 1.400
Usermin
Version 1.410
Usermin
Version 1.420
Usermin
Version 1.430
Usermin
Version 1.440
Usermin
Version 1.450
Usermin
Version 1.460
Usermin
Version 1.470
Usermin
Version 1.480
Usermin
Version 1.490
Usermin
Version 1.500
Usermin
Version 1.510
Usermin
Version 1.520
Usermin
Version 1.530
Usermin
Version 1.540
Usermin
Version 1.550
Usermin
Version 1.560
Usermin
Version 1.570
Usermin
Version 1.580

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.