2012-09-11 18:00:00
certcc
PUBLISHED
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a files unedited contents, which allows remote attackers to read arbitrary files via the file field.