Webmin 1.580, and possibly earlier versions, has been reported to contain input validation vulnerabilities.
The advisories from American Information Security Group report the following vulnerabilities.
CWE-20: Improper Input Validation - CVE-2012-2981
An authenticated attacker may be able to execute arbitrary commands.
We are currently unaware of a practical solution to this problem. The vendor is aware of the vulnerabilities and has patches available in the development branch but an official version including the patches was not available at the time of publication.
Thanks to the American Information Security Group for reporting this vulnerability.
This document was written by Jared Allar.