CVE-2012-4893

Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982.

Published: 2012-09-11 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2012-4893 is rated Moderate Risk (46/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.85%). Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2012-4893

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.60% 0.85% +0.24%
2 2025-09-19 0.53% 0.60% +0.07%
3 2025-05-09 0.53%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2012-4893

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.8 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
8.6 6.4 [email protected]

Weakness enumeration for CVE-2012-4893

Affected software / configurations for CVE-2012-4893

Vendor Product Version Raw CPE
gentoo webmin <= 1.590 cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*
gentoo webmin 1.140 cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*
gentoo webmin 1.150 cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*
gentoo webmin 1.160 cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*
gentoo webmin 1.170 cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*
gentoo webmin 1.180 cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*
gentoo webmin 1.200 cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*
gentoo webmin 1.210 cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*
gentoo webmin 1.220 cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*
gentoo webmin 1.230 cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*
gentoo webmin 1.240 cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*
gentoo webmin 1.260 cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*
gentoo webmin 1.270 cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*
gentoo webmin 1.280 cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*
gentoo webmin 1.290 cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*
gentoo webmin 1.300 cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*
gentoo webmin 1.310 cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*
gentoo webmin 1.320 cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*
gentoo webmin 1.330 cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*
gentoo webmin 1.340 cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*
gentoo webmin 1.370 cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*
gentoo webmin 1.380 cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*
gentoo webmin 1.390 cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*
gentoo webmin 1.400 cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*
gentoo webmin 1.410 cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*
gentoo webmin 1.420 cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*
gentoo webmin 1.430 cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*
gentoo webmin 1.440 cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*
gentoo webmin 1.450 cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*
gentoo webmin 1.470 cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*
gentoo webmin 1.480 cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*
gentoo webmin 1.500 cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*
gentoo webmin 1.510 cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*
gentoo webmin 1.520 cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*
gentoo webmin 1.530 cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*
gentoo webmin 1.550 cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*
gentoo webmin 1.560 cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*
gentoo webmin 1.570 cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*
gentoo webmin 1.580 cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*

References for CVE-2012-4893

cvelogic Threat Intelligence