WebGUI < 6.7.6 Arbitrary Command Execution Network Vulnerability

Summary

The remote web server contains a CGI script that is prone to arbitrary code execution. Description : The remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the 'class' variable to various sources before using it to run commands. By leveraging this flaw, an attacker may be able to execute arbitrary commands on the remote host within the context of the affected web server userid.

Solution

Upgrade to WebGUI 6.7.6 or later.

Severity

Classification

CVE CVE-2005-4694
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
AproxEngine Multiple Remote Input Validation Vulnerabilities
Atmail Multiple Unspecified Security Vulnerabilities.
artmedic_links5 File Inclusion Vulnerability
AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities

WebGUI < 6.7.6 arbitrary command execution

Take action and discover your vulnerabilities