How severe is CVE-2024-12828?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2024-12828?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2024-12828

CRITICAL Year: 2024

CVSS v3 Score

9.9

Critical

Weakness Type

CWE-78

View all →

Vulnerability Description

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22346.

CVE-2017-1253

CRITICAL

CVSS:9.9(Critical)

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability...

CWE-782017

CVE-2017-2866

CRITICAL

CVSS:9.9(Critical)

An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP req...

CWE-782017

CVE-2017-2890

CRITICAL

CVSS:9.9(Critical)

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attac...

CWE-782017

CVE-2017-2917

CRITICAL

CVSS:9.9(Critical)

An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker ca...

CWE-782017

CVE-2017-7175

CRITICAL

CVSS:9.9(Critical)

NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field).

CWE-782017

CVE-2017-8220

CRITICAL

CVSS:9.9(Critical)

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP PO...

CWE-782017

CVE-2024-12828

Vulnerability Description

Related Vulnerabilities

CVE-2017-1253

CVE-2017-2866

CVE-2017-2890

CVE-2017-2917

CVE-2017-7175

CVE-2017-8220