CVE-2007-0629 - The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions

CVE-2007-0629

Summary

The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.

References

http://osvdb.org/32992
http://secunia.com/advisories/23981
http://sourceforge.net/project/shownotes.php?group_id=51417&release_id=481584
http://www.plainblack.com/getwebgui/advisories/security-defect-discovered-in-7.x-versions
http://www.securityfocus.com/bid/22294
https://exchange.xforce.ibmcloud.com/vulnerabilities/31905

Vulnerable Configurations

cpe:2.3:a:plain_black:webgui:7.3.8:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:7.3.8:*:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:P

refmap via4

bid	22294
confirm	http://sourceforge.net/project/shownotes.php?group_id=51417&release_id=481584 http://www.plainblack.com/getwebgui/advisories/security-defect-discovered-in-7.x-versions
osvdb	32992
secunia	23981
xf	webgui-wwwpurgelist-security-bypass(31905)

Last major update

29-07-2017 - 01:30

Published

31-01-2007 - 18:28

Last modified

29-07-2017 - 01:30