Summary
The remote web server contains a CGI script that is prone to arbitrary code execution.
Description
The remote host is running WebGUI, a content management system from Plain Black Software.
The installed version of WebGUI on the remote host fails to sanitize user-supplied input passed in the 'class' variable to various sources before using it to run commands. By leveraging this flaw, an attacker may be able to execute arbitrary commands on the remote host with the privileges of the affected web server user ID.
Solution
Upgrade to WebGUI 6.7.6 or later.
Severity
Classification
- CVE: CVE-2005-4694
- CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)