Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2006-3392
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Webmin/Usermin未明信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Webmin 1.290之前版本和Usermin 1.220之前版本在解码HTML之前调用simplify_path 函数,可以使远程攻击者读取任意文件,比如使用"..%01"序列,该序列可在从文件名中删除诸如"%01"等字节之前绕过"../" 序列的删除。注: 此漏洞不同于CVE-2006-3274。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2006-3392
#POC DescriptionSource LinkShenlong Link
1Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (Python3)https://github.com/0xtz/CVE-2006-3392POC Details
2This small script helps to avoid using MetaSploit (msfconsole) during the Enterprise pentests and OSCP-like exams. Grep included function will help you to get only the important information.https://github.com/IvanGlinkin/CVE-2006-3392POC Details
3It is a simple tool to exploit local file include . vulnerabilitieshttps://github.com/Adel-kaka-dz/CVE-2006-3392POC Details
4Python script to exploit webmin vulnerability cve-2006-3392https://github.com/gb21oc/ExploitWebminPOC Details
5Webmin Local File Include (unauthenticated)https://github.com/kernel-cyber/CVE-2006-3392POC Details
6Webmin < 1.290 / Usermin < 1.220 - Arbitrary file disclosurehttps://github.com/g1vi/CVE-2006-3392POC Details
7Nonehttps://github.com/MrEmpy/CVE-2006-3392POC Details
8Nonehttps://github.com/brosck/CVE-2006-3392POC Details
9Webmin before 1.290 and Usermin before 1.220 contain a path traversal caused by calling the simplify_path function before decoding HTML, letting remote attackers read arbitrary files, exploit requires sending crafted '..%01' sequences. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2006/CVE-2006-3392.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2006-3392
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2006-3392

No comments yet

Leave a comment