← back
CVE-2019-9624

CVE-2019-9624

EPSS 23.7%
Vexday Risk Score
43Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 23.7%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
17 Jan 2019Metasploit module available
07 Mar 2019Published on NVD
08 Jan 2026Public PoC
Weaponization speed
2499 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.