Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTTP Host header via get_webmin_email_url(). An attacker can manipulate the Host header to inject a malicious domain into the reset email. If a victim follows the poisoned link, the attacker can intercept the reset token and gain full control of the target account.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Webmin 安全漏洞
Vulnerability Description
Webmin是Webmin社区的一套基于Web的用于类Unix操作系统中的系统管理工具。 Webmin 2.510版本存在安全漏洞,该漏洞源于密码重置功能中未验证HTTP Host标头,可能导致攻击者注入恶意域名并拦截重置令牌,从而完全控制目标账户。
CVSS Information
N/A
Vulnerability Type
N/A