Beanwebb's Guestbook 1.0 Multiple Vulnerabilities

high Nessus Plugin ID 11500

Synopsis

The remote host is running a web application that is affected by multiple vulnerabilities.

Description

The remote host is running Beanwebb's Guestbook. This set of CGIs has two vulnerabilities:

- Anyone can access the admin page (admin.php)

- It is vulnerable to cross-site scripting attacks (in add.php)

An attacker may use these flaws to steal the cookies of your users or to inject fake information into the guestbook.

Solution

There is no known solution at this time.

See Also

https://seclists.org/bugtraq/2003/Mar/439

Plugin Details

Severity: High

ID: 11500

File Name: guestbook_beanwebb.nasl

Version: 1.27

Type: remote

Family: CGI abuses

Published: 3/30/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7231, 7232

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990