Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3883

Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action.

Published

2014-06-21T15:55:05.103

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	webmin	usermin	≤ 1.590	Yes
Application	webmin	usermin	0.4	Yes
Application	webmin	usermin	0.5	Yes
Application	webmin	usermin	0.6	Yes
Application	webmin	usermin	0.7	Yes
Application	webmin	usermin	0.80	Yes
Application	webmin	usermin	0.90	Yes
Application	webmin	usermin	0.910	Yes
Application	webmin	usermin	0.929	Yes
Application	webmin	usermin	0.930	Yes
Application	webmin	usermin	0.940	Yes
Application	webmin	usermin	0.950	Yes
Application	webmin	usermin	0.960	Yes
Application	webmin	usermin	0.970	Yes
Application	webmin	usermin	0.980	Yes
Application	webmin	usermin	0.990	Yes
Application	webmin	usermin	1.000	Yes
Application	webmin	usermin	1.010	Yes
Application	webmin	usermin	1.020	Yes
Application	webmin	usermin	1.030	Yes
Application	webmin	usermin	1.040	Yes
Application	webmin	usermin	1.050	Yes
Application	webmin	usermin	1.051	Yes
Application	webmin	usermin	1.060	Yes
Application	webmin	usermin	1.070	Yes
Application	webmin	usermin	1.080	Yes
Application	webmin	usermin	1.090	Yes
Application	webmin	usermin	1.100	Yes
Application	webmin	usermin	1.110	Yes
Application	webmin	usermin	1.120	Yes
Application	webmin	usermin	1.130	Yes
Application	webmin	usermin	1.140	Yes
Application	webmin	usermin	1.150	Yes
Application	webmin	usermin	1.160	Yes
Application	webmin	usermin	1.170	Yes
Application	webmin	usermin	1.180	Yes
Application	webmin	usermin	1.190	Yes
Application	webmin	usermin	1.200	Yes
Application	webmin	usermin	1.210	Yes
Application	webmin	usermin	1.220	Yes
Application	webmin	usermin	1.230	Yes
Application	webmin	usermin	1.240	Yes
Application	webmin	usermin	1.250	Yes
Application	webmin	usermin	1.260	Yes
Application	webmin	usermin	1.270	Yes
Application	webmin	usermin	1.280	Yes
Application	webmin	usermin	1.290	Yes
Application	webmin	usermin	1.300	Yes
Application	webmin	usermin	1.310	Yes
Application	webmin	usermin	1.320	Yes
Application	webmin	usermin	1.330	Yes
Application	webmin	usermin	1.340	Yes
Application	webmin	usermin	1.350	Yes
Application	webmin	usermin	1.360	Yes
Application	webmin	usermin	1.370	Yes
Application	webmin	usermin	1.380	Yes
Application	webmin	usermin	1.390	Yes
Application	webmin	usermin	1.400	Yes
Application	webmin	usermin	1.410	Yes
Application	webmin	usermin	1.420	Yes
Application	webmin	usermin	1.430	Yes
Application	webmin	usermin	1.440	Yes
Application	webmin	usermin	1.450	Yes
Application	webmin	usermin	1.460	Yes
Application	webmin	usermin	1.470	Yes
Application	webmin	usermin	1.480	Yes
Application	webmin	usermin	1.490	Yes
Application	webmin	usermin	1.500	Yes
Application	webmin	usermin	1.510	Yes
Application	webmin	usermin	1.520	Yes
Application	webmin	usermin	1.530	Yes
Application	webmin	usermin	1.540	Yes
Application	webmin	usermin	1.550	Yes
Application	webmin	usermin	1.560	Yes
Application	webmin	usermin	1.570	Yes
Application	webmin	usermin	1.580	Yes

References

http://jvn.jp/en/jp/JVN48805624/index.html ([email protected])
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000057 ([email protected])
https://www.ipa.go.jp/security/ciadr/vul/20140620-jvn.html ([email protected])
http://jvn.jp/en/jp/JVN48805624/index.html (af854a3a-2127-422b-91ae-364da2661108)
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000057 (af854a3a-2127-422b-91ae-364da2661108)
https://www.ipa.go.jp/security/ciadr/vul/20140620-jvn.html (af854a3a-2127-422b-91ae-364da2661108)