{"uuid": "101ae387-84d3-4d31-9572-95463906479f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-15642", "type": "seen", "source": "https://t.me/arpsyndicate/209", "content": "#ExploitObserverAlert\n\nCVE-2019-15642\n\nDESCRIPTION: Exploit Observer has 21 entries related to CVE-2019-15642. rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states \"RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.\"\n\nFIRST-EPSS: 0.269940000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-11-17T05:26:25.000000Z"}