CVE-2019-12840

In Webmin through 1.910, any user authorized to the “Package Updates” module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Source: NIST
CVE-2019-12840