{"id":"CVE-2021-31762","details":"Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.","modified":"2026-04-12T02:46:54.794542Z","published":"2021-04-25T19:15:08.240Z","references":[{"type":"PACKAGE","url":"https://github.com/webmin/webmin"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html"},{"type":"EVIDENCE","url":"https://github.com/Mesh3l911/CVE-2021-31762"},{"type":"EVIDENCE","url":"https://github.com/electronicbots/CVE-2021-31762"},{"type":"EVIDENCE","url":"https://youtu.be/qCvEXwyaF5U"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/webmin/webmin","events":[{"introduced":"0"},{"last_affected":"d7323047251d03763064e7478d1e176546dd24f4"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.973"}],"cpe":"cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["1.700","1.710","1.720","1.730","1.740","1.750","1.760","1.770","1.780","1.790","1.800","1.801","1.810","1.820","1.830","1.831","1.840","1.850","1.860","1.870","1.880","1.890","1.900","1.910","1.920","1.930","1.940","1.941","1.950","1.951","1.953","1.954","1.955","1.960","1.962","1.970","1.972","1.973"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31762.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}