4 matches found
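WebGUI lib/WebGUI/Storage.pm Remote Script Code Execution Vulnerability
BUGTRAQ ID: 32602 WebGUI is a CMS (content management system) used mainly to simplify publishing and maintaining website content. WebGUI does not properly filter certain e-mail attachments. If a user is using the mail feature of the Collaboration System, attachments containing executable programs (such as perl programs, shell scripts or php pages) can be sent to the Collaboration System; if the web server is configured to execute those file types, clicking the file from the Collaboration System's web view executes the program. Plain Black Software WebGUI 7.x Temporary workaround: edit lib/WebGUI/Storage.pm and replace the addFileFromScalar method with the following code: sub...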
WebGUI < 6.7.6 arbitrary command execution
The remote web server contains a CGI script that is prone to arbitrary code execution. Description : The remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the OpenVAS...
WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution
The remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the 'class' variable to various sources before using it to run commands. By leveraging this flaw, an attacker may ...
WebGUI < 6.7.3 Multiple Command Execution Vulnerabilities
The remote host is running WebGUI, a content management system from Plain Black Software. According to its banner, the installed version of WebGUI on the remote host fails to sanitize user-supplied input to various sources before using it to run commands. By leveraging these flaws, an attacker ma...