Detections
Analytics
WebGUI < 7.3.14 viewList() Function Authentication Bypass
medium Nessus Network Monitor Plugin ID 4035
Synopsis
The remote host is vulnerable to a flaw that allows for the bypassing of authentication.Description
The remote host is running WebGUI, a content management framework. The remote version of this software is vulnerable to a flaw where an attacker can bypass security restrictions and gain administrative access to the application. Specifically, the 'viewList()' function of the 'lib/WebGUI/Asset/Wobject/DataForm.pm' script fails to validate user credentials and would allow an unauthenticated user access to confidential data.Solution
Upgrade to version 7.3.14 or higher.See Also
http://www.plainblack.com/news/news/webgui-7.3.14-stable-released#Jn_xXJGnOmhocvq7vrNH-w