WebGUI < 7.3.8 www_purgeList Method Asset Deletion
Low Nessus Network Monitor Plugin ID 3897
SynopsisThe remote host is vulnerable to a flaw that allows for the bypassing of authentication.
DescriptionThe remote host is running WebGUI, a content management framework. The remote version of this software is vulnerable to a flaw where an attacker can bypass security restrictions and gain administrative access to the application. Specifically, the 'www_purgeList()' function fails to validate user credentials and would allow an unauthenticated user to delete application assets.
SolutionUpgrade to version 7.3.8 or higher.