Flawed code traced to home build system, vulnerability can be attacked in certain configs
The maintainers of Webmin – an open-source application for system administration tasks on Unix-flavored systems – have released Webmin version 1.930 and the related Usermin version 1.780 to patch a vulnerability that can be exploited to achieve remote code execution in certain configurations.
Joe Cooper, one of the contributing developers, announced the patch in a blog post over the weekend.
"This release addresses CVE-2019-15107, which was disclosed earlier today," Cooper said. "We received no advance notification of it, which is unusual and unethical on the part of the researcher who discovered it. But, ..