Webmin before 1.997 is susceptible to authenticated remote code execution via software/apt-lib.pl, which lacks HTML escaping for a UI command. An attacker can perform command injection attacks and thereby execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
View the template here CVE-2022-36446.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-36446