Super Guestbook superguestconfig Admin Password Disclosure

Medium Nessus Network Monitor Plugin ID 1564

Synopsis

The remote host is running SuperGuestBook, a set of PHP scripts designed to manage an interactive guestbook.

Description

The remote host is running SuperGuestBook, a set of PHP scripts designed to manage an interactive guestbook. A flaw in this version may allow an attacker to retrieve the setup's configuration file, which contains the administrator's password.

Solution

Restrict remote access to the 'superguestconfig' file.

Plugin Details

Severity: Medium

ID: 1564

File Name: 1564.prm

Family: CGI

Published: 2004/08/18

Modified: 2016/01/21

Dependencies: 1442

Nessus ID: 11536

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:H/RL:U/RC:X

Reference Information

BID: 7319

OSVDB: 4663