CVE-2006-3392

Exp

Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.

Published: 2006-07-06 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2006-3392 is rated High Exploit Risk (74.8/100): CVSS Medium severity, with high exploitation likelihood (EPSS 86.48%, 99th percentile). 2 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +10.17% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2006-3392

EDB-ID Source Kind Published Link
2017 exploit_db edb 2006-07-15 Exploit-DB ↗
1997 exploit_db edb 2006-07-09 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2006-3392

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-03 76.30% 86.48% +10.17%
2 2026-05-25 78.60% 76.30% -2.30%
3 2026-03-08 78.60%

Full EPSS history (38 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-3392

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
 10.0 2.9 [email protected]

Weakness enumeration for CVE-2006-3392

OS Trackers for CVE-2006-3392

vendor priority summary link
gentoo normal CVE-2006-3392: 1 GLSA(s) (200608-11), 2 atom(s) (app-admin/usermin, app-admin/webmin); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2006-3392
ubuntu medium CVE-2006-3392 medium priority: Ubuntu including 1 source packages (webmin), 4 status rows across 4 suites (dapper, edgy, feisty, upstream): DNE 3, needs-triage 1. https://ubuntu.com/security/CVE-2006-3392

Affected software / configurations for CVE-2006-3392

Vendor Product Version Raw CPE
usermin usermin <= 1.210 cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*
webmin webmin <= 1.2.80 cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*

References for CVE-2006-3392

URL Tags
http://attrition.org/pipermail/vim/2006-July/000923.html
http://attrition.org/pipermail/vim/2006-June/000912.html
http://secunia.com/advisories/20892 Patch Vendor Advisory
http://secunia.com/advisories/21105 Vendor Advisory
http://secunia.com/advisories/21365 Patch Vendor Advisory
http://secunia.com/advisories/22556 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-11.xml
http://www.debian.org/security/2006/dsa-1199
http://www.kb.cert.org/vuls/id/999601 US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:125
http://www.osvdb.org/26772 Patch
http://www.securityfocus.com/archive/1/439653/100/0/threaded
http://www.securityfocus.com/archive/1/440125/100/0/threaded
http://www.securityfocus.com/archive/1/440466/100/0/threaded
http://www.securityfocus.com/archive/1/440493/100/0/threaded
http://www.securityfocus.com/bid/18744
http://www.vupen.com/english/advisories/2006/2612 Vendor Advisory
http://www.webmin.com/changes.html
cvelogic Threat Intelligence