FreeBSD : webmin, usermin -- arbitrary file disclosure vulnerability (227475c2-09cb-11db-9156-000e0c2e438a)
Medium Nessus Plugin ID 21789
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionThe webmin development team reports :
An attacker without a login to Webmin can read the contents of any file on the server using a specially crafted URL. All users should upgrade to version 1.290 as soon as possible, or setup IP access control in Webmin.
SolutionUpdate the affected packages.