The vulnerability is found in the 'old' parameter within the 'password_change.cgi' file of Webmin. It is prone to command injection attacks, allowing malicious actors to execute arbitrary commands by exploiting this weakness in the application.
Please be aware that this exploit is provided solely for educational and research purposes. Any actions you undertake using this code are entirely your responsibility. The author(s) of this repository are not responsible for any misuse or damage caused.
Contributions are highly appreciated! If you encounter any issues or have suggestions for enhancements, feel free to open an issue or submit a pull request.