https://github.com/p0dalirius/cve-2022-36446-webmin-software-package-updates-rce

A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.
https://github.com/p0dalirius/cve-2022-36446-webmin-software-package-updates-rce

cve-2022-36446 exploit package rce software update webmin

Last synced: about 1 month ago
JSON representation

A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.

• Host: GitHub
• URL: https://github.com/p0dalirius/cve-2022-36446-webmin-software-package-updates-rce
• Owner: p0dalirius
• Created: 2022-08-11T11:47:17.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2025-01-31T09:36:30.000Z (3 months ago)
• Last Synced: 2025-03-29T16:04:36.557Z (about 1 month ago)
• Topics: cve-2022-36446, exploit, package, rce, software, update, webmin
• Language: Python
• Homepage: https://podalirius.net/
• Size: 633 KB
• Stars: 112
• Watchers: 3
• Forks: 35
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml

Awesome Lists containing this project

README

        
![](./.github/banner.png)



  A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.

  


  

  

  

  




## Features

 - [x] Supports HTTP and HTTPS (even with self-signed certificates with `--insecure`).

 - [x] Single command execution with `--command` option.

 - [x] Interactive console with `--interactive` option.

## Usage

```

$ ./CVE-2022-36446.py -h

CVE-2022-36446 - Webmin < 1.997 - Software Package Updates RCE (Authenticated) v1.1 - by Remi GASCOU (Podalirius)

usage: CVE-2022-36446.py [-h] -t TARGET [-k] -u USERNAME -p PASSWORD (-I | -C COMMAND) [-v]

CVE-2022-36446 - Webmin < 1.997 - Software Package Updates RCE (Authenticated)

optional arguments:

  -h, --help            show this help message and exit

  -t TARGET, --target TARGET

                        URL to the webmin instance

  -k, --insecure

  -u USERNAME, --username USERNAME

                        Username to connect to the webmin.

  -p PASSWORD, --password PASSWORD

                        Password to connect to the webmin.

  -I, --interactive     Interactive console mode.

  -C COMMAND, --command COMMAND

                        Only execute the specified command.

  -v, --verbose         Verbose mode. (default: False)

```

## Mitigation

Update to Webmin >= 1.997.

## Demonstration

https://user-images.githubusercontent.com/79218792/184222596-3878e169-92ec-4507-99b5-3fe2c1d39360.mp4

## Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

## References

 - Vulnerable version: https://github.com/webmin/webmin/releases/download/1.996/webmin_1.996_all.deb

 - https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde