Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

WebGUI < 7.3.8 www_purgeList Method Asset Deletion

Low

Synopsis

The remote host is vulnerable to a flaw that allows for the bypassing of authentication.

Description

The remote host is running WebGUI, a content management framework. The remote version of this software is vulnerable to a flaw where an attacker can bypass security restrictions and gain administrative access to the application. Specifically, the 'www_purgeList()' function fails to validate user credentials and would allow an unauthenticated user to delete application assets.

Solution

Upgrade to version 7.3.8 or higher.