Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
2006-09-19T18:07:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 3.6 (LOW)
AV:L/AC:L/Au:N/C:P/I:N/A:P
3.9
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | usermin | usermin | ≤ 1.210 | Yes |
| Application | usermin | usermin | 0.4 | Yes |
| Application | usermin | usermin | 0.5 | Yes |
| Application | usermin | usermin | 0.6 | Yes |
| Application | usermin | usermin | 0.7 | Yes |
| Application | usermin | usermin | 0.8 | Yes |
| Application | usermin | usermin | 0.9 | Yes |
| Application | usermin | usermin | 0.91 | Yes |
| Application | usermin | usermin | 0.92 | Yes |
| Application | usermin | usermin | 0.93 | Yes |
| Application | usermin | usermin | 0.94 | Yes |
| Application | usermin | usermin | 0.95 | Yes |
| Application | usermin | usermin | 0.96 | Yes |
| Application | usermin | usermin | 0.97 | Yes |
| Application | usermin | usermin | 0.98 | Yes |
| Application | usermin | usermin | 0.99 | Yes |
| Application | usermin | usermin | 1.000 | Yes |
| Application | usermin | usermin | 1.010 | Yes |
| Application | usermin | usermin | 1.020 | Yes |
| Application | usermin | usermin | 1.030 | Yes |
| Application | usermin | usermin | 1.040 | Yes |
| Application | usermin | usermin | 1.051 | Yes |
| Application | usermin | usermin | 1.060 | Yes |
| Application | usermin | usermin | 1.070 | Yes |
| Application | usermin | usermin | 1.080 | Yes |
| Application | usermin | usermin | 1.090 | Yes |
| Application | usermin | usermin | 1.100 | Yes |
| Application | usermin | usermin | 1.110 | Yes |
| Application | usermin | usermin | 1.120 | Yes |
| Application | usermin | usermin | 1.130 | Yes |
| Application | usermin | usermin | 1.140 | Yes |
| Application | usermin | usermin | 1.150 | Yes |