Usermin (20000)

101

Usermin is a web-based interface that lets regular users manage their Unix/Linux accounts through a browser. It allows tasks like reading email, managing files, and editing cron jobs, typically running on port 20000 as part of the Webmin suite.

# Identify a UserMin port via nmap
20000/tcp open  http    MiniServ 1.820 (Webmin httpd)

Versions

≤ 1.820

There is an authenticated remote code execution (RCE) vulnerability in Usermin ≤ 1.820 by abusing the GnuPG functionality to execute arbitrary commands on the target system. An available PoC exists.