WebGUI < 7.5.13 RSS Feed Authentication Bypass
Medium Nessus Network Monitor Plugin ID 4559
SynopsisThe remote host is vulnerable to a flaw that allows for the bypassing of authentication.
DescriptionThe remote host is running WebGUI, a content management framework. The remote version of this software is vulnerable to a flaw in the way that it handles access to data. Protected data can be accessed by requesting the data within an RSS feed. An attacker exploiting this flaw would only need the ability to request an RSS subscription.
SolutionUpgrade to version 7.5.13 or higher.