Super Guestbook superguestconfig Admin Password Disclosure

medium Nessus Network Monitor Plugin ID 1564

Synopsis

The remote host is running SuperGuestBook, a set of PHP scripts designed to manage an interactive guestbook.

Description

The remote host is running SuperGuestBook, a set of PHP scripts designed to manage an interactive guestbook. There is a flaw in this version which may allow an attacker to retrieve the configuration file of this setup, which contains the password of the administrator.

Solution

Restrict remote access to the 'superguestconfig' file.

Plugin Details

Severity: Medium

ID: 1564

Family: CGI

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 11536

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Reference Information

BID: 7319

Detections

Analytics