Webmin Squid Module Cache Manager Argument Quoting Vulnerability

Vulnerability

A vulnerability exists in Webmin versions prior to 2.600 within the Squid module's Cache Manager feature. The issue arises because the 'cachemgr.cgi' file does not properly quote command-line arguments. This vulnerability is relevant for authenticated users with specific Cache Manager permissions.
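The bug class described above, shown as an added example that is not Webmin's code and not part of the original advisory: a request value pasted into a shell command line unquoted, next to the quoted and no-shell forms. The helper program, its `--host` flag, the function names and the sample value are all assumptions made for illustration.

```python
import re
import shlex
import subprocess
import sys

# Harmless stand-in for the external program a CGI script launches: it prints
# each argument it receives on its own line. Hypothetical, not Webmin code.
HELPER = [sys.executable, "-c", "import sys; print(*sys.argv[1:], sep=chr(10))"]
HELPER_SH = " ".join(shlex.quote(part) for part in HELPER)

# Constructed sample value standing in for a request parameter.
SAMPLE = "localhost; echo INJECTED"
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def _lines(proc):
    return proc.stdout.splitlines()


def run_unquoted(host):
    """Flawed pattern: the value is pasted into a shell command line as-is."""
    cmd = f"{HELPER_SH} --host {host}"
    return _lines(subprocess.run(cmd, shell=True, capture_output=True, text=True))


def run_quoted(host):
    """Quoted pattern: the shell sees the value as one literal word."""
    cmd = f"{HELPER_SH} --host {shlex.quote(host)}"
    return _lines(subprocess.run(cmd, shell=True, capture_output=True, text=True))


def run_argv(host):
    """Preferred pattern: no shell at all, arguments passed as a list."""
    argv = HELPER + ["--host", host]
    return _lines(subprocess.run(argv, capture_output=True, text=True))


def is_valid_host(host):
    """Allow-list check to apply before the value reaches any command."""
    return HOST_RE.fullmatch(host) is not None


if __name__ == "__main__":
    for fn in (run_unquoted, run_quoted, run_argv):
        print(fn.__name__, fn(SAMPLE))
    print("valid host:", is_valid_host(SAMPLE))
```

In the unquoted case the helper receives only `localhost` and the shell runs the remainder of the value as a second command; in the other two cases the helper receives the whole value as a single argument.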

Impact

Exploitation of this vulnerability could lead to command injection, allowing an authenticated user to execute arbitrary commands on the server.

Reproduction

To reproduce this vulnerability, an authenticated user with the 'cms' security option must access the Squid module's Cache Manager feature. The user can then send a request whose arguments the server places on the command line unquoted and executes, potentially leading to command injection.

Remediation

Users can upgrade to Webmin version 2.610 or later, where this vulnerability has been fixed.

Added: Dec 11, 2025, 7:19 AM
Updated: Dec 11, 2025, 7:19 AM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 10.0
exploitability: 5.9
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.