| VID |
21700 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The WebGUI, according to its version number, has a Perl code execution vulnerabilities. WebGUI is a content management system written in Perl, developed by PLAINBLACK Software. WebGUI versions 6.1.0 through 6.7.3 could allow a remote attacker to execute arbitrary Perl code, caused by improper filtering of user-supplied input to various parameters used in the Help.pm, International.pm, and WebGUI.pm modules. A remote attacker could exploit this vulnerability to execute arbitrary commands in the context of the Web server hosting the vulnerable application.
* Note: This check solely relied on the version number of WebGUI installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions
http://secunia.com/advisories/16682/
* Platforms Affected:
PLAINBLACK Software, WebGUI versions 6.1.0 through 6.7.3
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of WebGUI (6.7.3 or later), available from the PLAINBLACK Software Web site at http://www.plainblack.com/webgui |
| Related URL |
CVE-2005-2837 (CVE) |
| Related URL |
14732 (SecurityFocus) |
| Related URL |
22124 (ISS) |
|
