Webmin <= 1.920 Remote Code Execution (CVE-2019-15107)
Overview
CVE-2019-15107 is a remote code execution vulnerability affecting Webmin 1.920 and earlier. Webmin is a browser-based administration interface for Unix-like systems, so command execution through the management panel can directly affect the host operating system.
Vulnerability Overview
CVE-2019-15107 is a command injection vulnerability in Webmin's password_change.cgi endpoint. NVD identifies the vulnerable input as the old parameter, which could be abused to execute operating system commands on affected Webmin servers.
The Webmin project later described a related build compromise in which malicious code was introduced into Webmin release artifacts. In practical terms, affected deployments should be treated as high risk because the vulnerable behavior reaches a privileged administrative service.
Impact
CVE-2019-15107 has a CVSS 3.1 score of 9.8 and is rated Critical in NVD. The score reflects network reachability, low attack complexity, no required privileges, no user interaction, and high confidentiality, integrity, and availability impact.
Successful exploitation can allow command execution on the Webmin host, access to sensitive configuration files, modification of system settings, creation of persistence, or full server compromise depending on the Webmin process privileges and host configuration.
CVE-2019-15107 is also listed in the CISA Known Exploited Vulnerabilities Catalog, which means exploitation has been confirmed in real environments.
Vulnerability Scope
NVD lists Webmin 1.920 and earlier as affected by CVE-2019-15107. Webmin's security guidance recommends upgrading to Webmin 1.930 or later for the related remote command execution issue.
The highest-risk exposure is an internet-facing Webmin service reachable by untrusted users. Because Webmin is an administrative interface, administrators should review external exposure, authentication configuration, password-change settings, logs, and host integrity when assessing affected systems.
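One way to carry out the log review mentioned above, as an added example that is not from the Webmin project or the original page: it scans access-log lines for requests that reached password_change.cgi and counts POSTs per source address. The CLF-style log layout, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from posixpath import normpath
from urllib.parse import unquote

# Assumed CLF-style layout: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "/password_change.cgi"  # endpoint named in the advisory


def endpoint_of(target):
    """Drop the query string, decode %xx and collapse slashes so variant spellings match."""
    path = unquote(target.split("?", 1)[0])
    return normpath(re.sub(r"/+", "/", "/" + path))


def find_hits(lines):
    """Return one record per request that reached the password-change endpoint.

    A "-" in the user field is taken to mean no authenticated session (assumption).
    """
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or endpoint_of(m["target"]) != ENDPOINT:
            continue  # unrelated request or unparseable line
        hits.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "status": int(m["status"]), "unauthenticated": m["user"] == "-",
        })
    return hits


def posts_by_source(hits):
    """Count form submissions (POST) to the endpoint per client address."""
    return Counter(h["ip"] for h in hits if h["method"] == "POST")


# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [20/Aug/2019:10:15:32 +0000] "POST /password_change.cgi HTTP/1.1" 200 512
198.51.100.7 - - [20/Aug/2019:10:15:40 +0000] "POST /password%5Fchange.cgi?x=1 HTTP/1.1" 200 498
192.0.2.10 - admin [20/Aug/2019:10:16:01 +0000] "GET /sysinfo.cgi HTTP/1.1" 200 9021
203.0.113.44 - - [20/Aug/2019:10:17:12 +0000] "GET //password_change.cgi HTTP/1.1" 500 120
garbled line without the expected fields
""".splitlines()
```

An access log of this kind does not record request bodies, so a hit only shows that the endpoint was reached; hosts with unexpected hits still need the host-integrity review described above.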
Lab Focus
This lab focuses on understanding how command injection in an administrative web interface can lead to full host compromise. The goal is to practice recognizing management-plane exposure, evaluating the impact of unauthenticated command execution, and understanding why admin services should be patched and restricted from public access.
