Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

WebGUI < 7.3.14 viewList() Function Authentication Bypass

Low

Synopsis

The remote host is vulnerable to a flaw that allows for the bypassing of authentication.

Description

The remote host is running WebGUI, a content management framework. The remote version of this software is vulnerable to a flaw where an attacker can bypass security restrictions and gain administrative access to the application. Specifically, the 'viewList()' function of the 'lib/WebGUI/Asset/Wobject/DataForm.pm' script fails to validate user credentials and would allow an unauthenticated user access to confidential data.

Solution

Upgrade to version 7.3.14 or higher.