WebGUI Asset Deletion Vulnerability

Posted on Monday, January 29, 2007 @ 10:56:30 PST in Security
by Raven

SECUNIA ADVISORY ID: SA23981

VERIFY ADVISORY: http://secunia.com/advisories/23981/

CRITICAL: Moderately critical

IMPACT: Manipulation of data

SOFTWARE: WebGUI 7.x - http://secunia.com/product/13252/

DESCRIPTION: Lucas Bartholemy has reported a vulnerability in WebGUI, which can be exploited by malicious users to delete assets.
The vulnerability is caused due to the "www_purgeList()" method not correctly checking the permissions of a user when deleting an asset. The vulnerability is reported in all 7.x versions prior to 7.3.8.

SOLUTION: Update to version 7.3.8.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Lucas Bartholemy.

ORIGINAL ADVISORY:
http://www.plainblack.com/getwebgui/advisories/security-defect-discovered-in-7.x-versions
http://sourceforge.net/project/shownotes.php?release_id=481584
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 369,906,829
  • Today: 38,637
Server InfoServer Info
  • Oct 22, 2018
  • 11:26 am PDT
 
 

Daily Inspiration