VID | 21743
Severity | 40
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
WebGUI is vulnerable to command execution through the class parameter. WebGUI is a content management system written in Perl, developed by PLAINBLACK Software. WebGUI versions 6.3.0 through 6.7.5 could allow a remote attacker to execute arbitrary system commands because the index.pl script does not properly validate user-supplied input passed to its class parameter. A remote attacker could inject shell commands that run on the system with the privileges of the Web server process.
* References:
  * http://www.plainblack.com/getwebgui/advisories/security-exploit-patch-for-6.3-and-above
  * http://secunia.com/advisories/17158/
* Platforms Affected: PLAINBLACK Software, WebGUI versions 6.3.0 through 6.7.5; any operating system, any version |
Recommendation |
Upgrade to the latest version of WebGUI (6.7.6 or later), available from the PLAINBLACK Software Web site at http://www.plainblack.com/webgui |
Related URL | CVE-2005-4694 (CVE)
Related URL | 15083 (SecurityFocus)
Related URL | 22730 (ISS)