SECUNIA ADVISORY ID: SA23981
VERIFY ADVISORY: http://secunia.com/advisories/23981/
CRITICAL: Moderately critical
IMPACT: Manipulation of data
SOFTWARE: WebGUI 7.x - http://secunia.com/product/13252/
DESCRIPTION: Lucas Bartholemy has reported a vulnerability in WebGUI, which can be exploited by malicious users to delete assets. The vulnerability is caused by the "www_purgeList()" method not correctly checking a user's permissions when deleting an asset. The vulnerability is reported in all 7.x versions prior to 7.3.8.
SOLUTION: Update to version 7.3.8.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Lucas Bartholemy.
ORIGINAL ADVISORY:
http://www.plainblack.com/getwebgui/advisories/security-defect-discovered-in-7.x-versions
http://sourceforge.net/project/shownotes.php?release_id=481584
WebGUI Asset Deletion Vulnerability
Posted on Monday, January 29, 2007 @ 10:56:30 CST in Security