WebGUI Asset Deletion Vulnerability

Posted on Monday, January 29, 2007 @ 10:56:30 CST in Security
by Raven

SECUNIA ADVISORY ID: SA23981

VERIFY ADVISORY: http://secunia.com/advisories/23981/

CRITICAL: Moderately critical

IMPACT: Manipulation of data

SOFTWARE: WebGUI 7.x - http://secunia.com/product/13252/

DESCRIPTION: Lucas Bartholemy has reported a vulnerability in WebGUI, which can be exploited by malicious users to delete assets.
The vulnerability is caused by the "www_purgeList()" method not correctly checking the permissions of a user when deleting an asset. The vulnerability is reported in all 7.x versions prior to 7.3.8.

SOLUTION: Update to version 7.3.8.
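
The class of flaw described above, a bulk purge handler that does not authorize each asset before deleting it, modelled next to a hardened form. This is an added example in Python, not WebGUI's code or its actual fix; the names `Asset`, `Trash`, `purge_list_unchecked` and `purge_list_checked` and the sample data are hypothetical.

```python
# Constructed model of a bulk "purge" handler; all names are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Asset:
    asset_id: str
    editors: set = field(default_factory=set)  # users allowed to edit/delete

    def can_edit(self, user: str) -> bool:
        return user in self.editors


class Trash:
    def __init__(self, assets):
        self.assets = {a.asset_id: a for a in assets}
        self.audit = []  # (user, asset_id, outcome) records for later review

    def purge_list_unchecked(self, user, asset_ids):
        """Flawed pattern: deletes whatever IDs the request names."""
        for aid in asset_ids:
            if self.assets.pop(aid, None) is not None:
                self.audit.append((user, aid, "purged"))

    def purge_list_checked(self, user, asset_ids):
        """Hardened pattern: authorize each asset server-side before deleting."""
        denied = []
        for aid in asset_ids:
            asset = self.assets.get(aid)
            if asset is None:
                continue  # unknown ID: nothing to delete
            if not asset.can_edit(user):
                denied.append(aid)
                self.audit.append((user, aid, "denied"))
                continue  # skip this asset, keep processing the rest
            del self.assets[aid]
            self.audit.append((user, aid, "purged"))
        return denied


def sample_trash():
    # Constructed sample data: one asset per owner.
    return Trash([Asset("a1", {"alice"}), Asset("b1", {"bob"})])
```

The "denied" audit records give operators a signal to review: a user repeatedly submitting asset IDs they cannot edit.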

PROVIDED AND/OR DISCOVERED BY: The vendor credits Lucas Bartholemy.

ORIGINAL ADVISORY:
http://www.plainblack.com/getwebgui/advisories/security-defect-discovered-in-7.x-versions
http://sourceforge.net/project/shownotes.php?release_id=481584