WebGUI < 7.3.14 viewList() Function Authentication Bypass
Low Nessus Network Monitor Plugin ID 4035
SynopsisThe remote host is vulnerable to a flaw that allows for the bypassing of authentication.
DescriptionThe remote host is running WebGUI, a content management framework. The remote version of this software is vulnerable to a flaw where an attacker can bypass security restrictions and gain administrative access to the application. Specifically, the 'viewList()' function of the 'lib/WebGUI/Asset/Wobject/DataForm.pm' script fails to validate user credentials and would allow an unauthenticated user access to confidential data.
SolutionUpgrade to version 7.3.14 or higher.