CVE-2019-9624
CVE-2019-9624
Vexday Risk Score
43Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 23.7%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
17 Jan 2019Metasploit module available
07 Mar 2019Published on NVD
08 Jan 2026Public PoC
Weaponization speed
2499 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
Affected products
n/a · n/apublic PoCs found — 2
githubgithub.com/x0rbeexd/CVE-2019-9624★ 0cve_referencewww.exploit-db.com/exploits/46201unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.