
How to remediate – Webmin 1.880 Local File Inclusion Vulnerability

1. Introduction

Webmin 1.880 contains a Local File Inclusion (arbitrary file read) vulnerability in its log-viewing functionality. A Webmin user who holds the ‘Can view any files as a log’ permission can read any file on the server that the Webmin process itself can read, including /etc/shadow, private keys and configuration files that hold credentials. Webmin versions 1.840 and 1.880 are affected. The direct impact is loss of confidentiality; credentials or keys recovered this way can then be used to compromise the integrity and availability of the host.

2. Technical Explanation

The vulnerability exists because Webmin’s log viewer does not restrict the file it displays to the log files it is configured to show: a user holding the log-viewing permission can supply any path and the module reads that file back. The scanner reported this finding from the version number Webmin advertises and did not test the behaviour directly, so confirm the installed version and the permission before treating the finding as exploitable. The issue is tracked as CVE-2018-8712.

  • Root cause: The log-viewing code accepts a caller-supplied file path and, for users holding the ‘Can view any files as a log’ permission, does not constrain it to the configured log files.
  • Exploit mechanism: A user with that permission crafts a request to the System Logs module in which the log-file selection parameter names an arbitrary file on the server, and the module returns its contents.
  • Scope: Webmin versions 1.840 and 1.880 are affected.

3. Detection and Assessment

Confirming the finding has two parts: the installed Webmin version, and whether any Webmin user holds the permission that allows arbitrary files to be viewed as logs. A thorough assessment also attempts, as a test user, to view a file that is not a log through the System Logs module.

  • Quick checks: Read the version from the Webmin web interface under ‘System Information’ or, on the host, from the ‘version’ file in the Webmin configuration directory (‘/etc/webmin/version’ on a default install).
  • Scanning: Nessus and OpenVAS have version-based checks for this issue; because they rely on the advertised version, verify their results manually.
  • Logs and evidence: Review Webmin’s access log (‘/var/webmin/miniserv.log’ on a default install) for requests to the System Logs module whose parameters carry absolute paths or ‘..’ sequences, and note which of those requests received a 200 response.

4. Solution / Remediation Steps

The recommended mitigation is to withdraw the ‘Can view any files as a log’ permission from every Webmin user who does not strictly need it. This closes the exposure on an unpatched install; the durable fix is to upgrade Webmin to a release that addresses CVE-2018-8712.

4.1 Preparation

  • Ensure you have access to the Webmin web interface as an administrator, or shell access to the host. The rollback plan is to restore the original per-user ACL files from a backup taken before the change.
  • Schedule a change window if this is a production system and obtain approval from the relevant stakeholders.

4.2 Implementation

  1. Log in to the Webmin web interface as an administrator.
  2. Navigate to ‘Webmin’ -> ‘Webmin Users’ and select a user who has access to the ‘System Logs’ module.
  3. Open that user’s access control settings for the ‘System Logs’ module and set ‘Can view any files as a log’ to ‘No’.
  4. Save the changes, then repeat for every remaining user, including administrative accounts.

4.3 Config or Code Example

Before

# Illustrative per-user ACL entry for the System Logs module. The key name is an example;
# check the real entry in the user's ACL file under the Webmin configuration directory
# (/etc/webmin/syslog/<user>.acl on a default install):
can_view_any_files_as_log = 1

After

# The same entry with the permission withdrawn:
can_view_any_files_as_log = 0
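The permission change above can be audited and applied on the host directly. The following Python script is an added example written for this page, not code from Webmin or from the original article. It assumes Webmin’s default layout of one key=value ACL file per user and module under /etc/webmin/syslog/, and it assumes the key behind ‘Can view any files as a log’ is named ‘any’; the sample ACL text and the other keys in it are constructed placeholders. Verify the key name against a real ACL file on your host before running harden_dir with dry_run=False.

```python
"""Audit and harden Webmin per-user ACLs for the System Logs module.

Webmin keeps one key=value ACL file per user and module under its
configuration directory, e.g. /etc/webmin/syslog/<user>.acl.
ASSUMPTION: the key that backs 'Can view any files as a log' is named `any`;
confirm the name against a real ACL file on your host before relying on this.
"""
from pathlib import Path

PERMISSION_KEY = "any"                  # assumed key name, see module docstring
ACL_DIR = Path("/etc/webmin/syslog")    # default install path; adjust if Webmin lives elsewhere

# Constructed sample ACL; only the audited key is meaningful, the other keys are placeholders.
SAMPLE_ACL = """noconfig=0
any=1
lines=25
"""


def parse_acl(text):
    """Parse Webmin's one-pair-per-line key=value ACL format into a dict."""
    acl = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        acl[key.strip()] = value.strip()
    return acl


def grants_any_file(acl_text, key=PERMISSION_KEY):
    """True if the ACL lets the user view any file as a log (value 1)."""
    return parse_acl(acl_text).get(key, "0") == "1"


def harden_acl(acl_text, key=PERMISSION_KEY):
    """Return the ACL text with the permission withdrawn (key=0), other lines untouched.

    If the key is absent it is appended explicitly so the file records the decision.
    """
    out, seen = [], False
    for line in acl_text.splitlines():
        k, sep, _ = line.partition("=")
        if sep and k.strip() == key:
            out.append(f"{key}=0")
            seen = True
        else:
            out.append(line)
    if not seen:
        out.append(f"{key}=0")
    return "\n".join(out) + "\n"


def audit_acls(acls, key=PERMISSION_KEY):
    """Given {username: acl_text}, return the sorted usernames that hold the permission."""
    return sorted(user for user, text in acls.items() if grants_any_file(text, key))


def audit_dir(acl_dir=ACL_DIR, key=PERMISSION_KEY):
    """Read every <user>.acl in acl_dir and report who holds the permission."""
    acls = {p.stem: p.read_text() for p in acl_dir.glob("*.acl")}
    return audit_acls(acls, key)


def harden_dir(acl_dir=ACL_DIR, key=PERMISSION_KEY, dry_run=True):
    """Rewrite every offending ACL file in place; with dry_run=True only report what would change."""
    changed = []
    for user in audit_dir(acl_dir, key):
        path = acl_dir / f"{user}.acl"
        if not dry_run:
            path.write_text(harden_acl(path.read_text(), key))
        changed.append(user)
    return changed


if __name__ == "__main__":
    # Demonstrate on the constructed sample rather than touching the real ACL directory.
    print("users with permission:", audit_acls({"root": SAMPLE_ACL, "viewer": "any=0\n"}))
    print(harden_acl(SAMPLE_ACL), end="")
```

Run audit_dir() first to list the users that hold the permission, back up the reported ACL files (that backup is also the rollback), and only then call harden_dir(dry_run=False). Afterwards confirm the setting in the web interface, since the key name is an assumption and the interface is authoritative.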

4.4 Security Practices Relevant to This Vulnerability

Several security practices can help prevent this type of issue.

  • Practice 1: Least privilege – grant ‘Can view any files as a log’ to nobody by default, limit log viewers to the specific log files the module is configured to show, and keep Webmin administrative accounts few and individually named so that a compromised account has the smallest possible reach.

4.5 Automation (Optional)

No suitable automation script is provided as this requires specific configuration access methods.

5. Verification / Validation

Confirm the fix by verifying that no Webmin user still has ‘Can view any files as a log’ set to ‘Yes’. An attempt to view a non-log file through the System Logs module should now be refused.

  • Post-fix check: Log in to Webmin, open ‘Webmin’ -> ‘Webmin Users’, and confirm for each user with access to the ‘System Logs’ module that ‘Can view any files as a log’ is set to ‘No’.
  • Re-test: As a non-administrative test user, attempt to view a file outside the configured log locations (for example /etc/hostname) through the System Logs module. The request should be denied or return an error, not the file’s contents.
  • Smoke test: Verify that core Webmin functionality, such as user management and system status pages, still works, and that users can still view the log files they are meant to see.
  • Monitoring: Keep watching Webmin’s access log (‘/var/webmin/miniserv.log’ on a default install) for System Logs requests that name files outside the log directories; denied attempts after the fix indicate someone is still probing, and a 200 response indicates a user who retains the permission.
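The log review suggested under ‘Logs and evidence’ in section 3 and ‘Monitoring’ above can be scripted. This Python script is an added example for this page, not part of Webmin or of the original article. It parses the combined-format access log that Webmin’s miniserv writes (/var/webmin/miniserv.log on a default install) and flags requests to the System Logs module (the /syslog/ URL prefix) whose query parameters name a file outside an allowlisted log directory, including percent-encoded and double-encoded paths. The sample log lines, the CGI script and parameter names in them, and the ALLOWED_LOG_DIRS list are constructed assumptions; the detection keys only on the module prefix and on path-looking values, so it does not depend on a particular parameter name.

```python
"""Scan a Webmin access log for log-viewer requests that name files outside the log tree.

Webmin's built-in web server writes a combined-format access log
(/var/webmin/miniserv.log on a default install). The System Logs module lives
under the /syslog/ URL prefix. Any request to that module whose query string
carries an absolute path or a '..' segment resolving outside ALLOWED_LOG_DIRS
is reported, together with whether the server answered 2xx.
ASSUMPTIONS: the CGI script and parameter names in the sample lines are
illustrative; detection keys on the module prefix and on any path-looking
query value, not on a particular parameter name.
"""
import re
from posixpath import normpath
from urllib.parse import urlsplit, parse_qsl, unquote

ALLOWED_LOG_DIRS = ("/var/log",)      # assumption: extend for hosts that keep logs elsewhere
MODULE_PREFIX = "/syslog/"            # System Logs module URL prefix

# Combined log format as written by miniserv: ip ident user [ts] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log; request paths and parameter names are illustrative.
SAMPLE_LOG = """\
192.0.2.10 - root [26/Oct/2025:10:00:00 +0000] "GET /syslog/save_log.cgi?view=1&file=/var/log/syslog HTTP/1.1" 200 5120
192.0.2.10 - root [26/Oct/2025:10:00:07 +0000] "GET /syslog/save_log.cgi?view=1&file=/etc/shadow HTTP/1.1" 200 1210
198.51.100.7 - auditor [26/Oct/2025:10:01:12 +0000] "GET /syslog/save_log.cgi?view=1&file=%2Fvar%2Flog%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0
198.51.100.7 - auditor [26/Oct/2025:10:01:30 +0000] "GET /syslog/save_log.cgi?view=1&file=%252Fetc%252Fpasswd HTTP/1.1" 200 2890
203.0.113.5 - - [26/Oct/2025:10:02:00 +0000] "GET /session_login.cgi HTTP/1.1" 200 3300
"""


def _path_like(value):
    """True for an absolute path or a value containing a '..' segment."""
    return value.startswith("/") or ".." in value.split("/")


def _outside_log_dirs(path):
    """Normalise '..' and '.' segments, then test against the allowlist."""
    norm = normpath(path)
    return not any(norm == d or norm.startswith(d + "/") for d in ALLOWED_LOG_DIRS)


def suspicious_file_refs(target):
    """Return decoded query values of a System Logs request that resolve outside the log tree."""
    parts = urlsplit(target)
    if not parts.path.startswith(MODULE_PREFIX):
        return []
    hits = []
    for _, raw in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl already decoded once; a second pass exposes %252F-style double encoding.
        value = unquote(raw)
        if _path_like(value) and _outside_log_dirs(value):
            hits.append(value)
    return hits


def scan_log(lines):
    """Return one finding per log line whose request names a file outside the log tree."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_file_refs(m["target"])
        if hits:
            status = int(m["status"])
            findings.append({
                "ts": m["ts"], "ip": m["ip"], "user": m["user"],
                "paths": hits, "served": 200 <= status < 300,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        verdict = "SERVED" if f["served"] else "denied"
        print(f"{f['ts']} {f['ip']} {f['user']} {verdict} {f['paths']}")
```

Feed it the real log with scan_log(open('/var/webmin/miniserv.log')). A finding marked served means the server answered 2xx, so the file was most likely disclosed and the account that made the request should be treated as compromised; findings marked denied after the permission has been withdrawn show that the fix is holding and who is still probing.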

6. Preventive Measures and Monitoring

Regular security assessments and updates are crucial.

  • Baselines: Add ‘Can view any files as a log’ = No to your Webmin security baseline and have configuration management or compliance scanning check the per-user ACL files against it.
  • Pipelines: Where Webmin is installed by automation, have the pipeline apply the hardened ACL and fail the build if the permission reappears, rather than relying on manual review after deployment.
  • Asset and patch process: Track Webmin in the asset inventory and include it in the regular patch review cycle so that releases fixing issues like CVE-2018-8712 are applied promptly.

7. Risks, Side Effects, and Roll Back

Withdrawing the permission stops users from viewing files that are not among the module’s configured log files, which may affect anyone who relied on it to read non-standard logs.

  • Risk or side effect: Users who previously viewed arbitrary files through the module will lose that ability. Inform them before the change and, where a genuine need exists, grant access to the specific files they require rather than restoring the blanket permission.
  • Roll back: Step 1: Log in to Webmin as an administrator. Step 2: Navigate to ‘Webmin’ -> ‘Webmin Users’ and open the affected user’s access control settings for the ‘System Logs’ module. Step 3: Set ‘Can view any files as a log’ back to ‘Yes’. Step 4: Save the changes. Alternatively, restore the ACL files backed up during preparation.

8. References and Resources

Updated on October 26, 2025

