Webmin Attachment Handling Vulnerability in Mailboxes Component

A vulnerability exists in Webmin versions prior to 2.640 within the mailboxes component. The issue arises because the application does not properly sanitize filenames when saving attachments, particularly in the 'detachall.cgi' script. This flaw could potentially be exploited to manipulate file handling in an unintended manner.

Impact

Exploitation of this vulnerability could lead to improper file handling, potentially allowing for the execution of malicious files or scripts.

Reproduction

To reproduce this vulnerability, upload an attachment through the Webmin mailboxes component, specifically using the 'detachall.cgi' script. The attachment filename can be crafted to include unsafe characters, such as newlines or directory traversal sequences. Once the attachment is uploaded, the vulnerability can be observed by downloading the file and noting that the filename has not been properly sanitized.

Remediation

Users can upgrade to Webmin version 2.641 or later, where this vulnerability has been addressed.