Vulnerabilities > CVE-2005-4694

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

nessus

NVD

Published: 2005-12-31

Updated: 2024-11-21

Summary

Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors.

Vulnerable Configurations

Part	Description	Count
Application	Plain_Black Plain Black Webgui 6.7.3 Plain Black Webgui 6.6.2 Plain Black Webgui 6.5.0 Plain Black Webgui 6.6.0 Plain Black Webgui 6.6.5 Plain Black Webgui 6.7.2 Plain Black Webgui 6.5.4 Plain Black Webgui 6.7.4 Plain Black Webgui 6.5.3 Plain Black Webgui 6.6.4 Plain Black Webgui 6.5.6 Plain Black Webgui 6.5.2 Plain Black Webgui 6.6.3 Plain Black Webgui 6.5.1 Plain Black Webgui 6.7.1 Plain Black Webgui 6.5.5 Plain Black Webgui 6.7.0 Plain Black Webgui 6.3.0 Plain Black Webgui 6.7.5 Plain Black Webgui 6.4.0 Plain Black Webgui 6.6.1	21

Nessus

NASL family	CGI abuses
NASL id	WEBGUI_REMOTE_CMD_EXEC.NASL
description	The remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the
last seen	2020-06-01
modified	2020-06-02
plugin id	20014
published	2005-10-17
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20014
title	WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(20014); script_version("1.17"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_cve_id("CVE-2005-4694"); script_bugtraq_id(15083); script_name(english:"WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution"); script_summary(english:"Checks for arbitrary remote command execution in WebGUI < 6.7.6"); script_set_attribute(attribute:"synopsis", value: "The remote web server contains a CGI script that is prone to arbitrary code execution."); script_set_attribute(attribute:"description", value: "The remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the 'class' variable to various sources before using it to run commands. By leveraging this flaw, an attacker may be able to execute arbitrary commands on the remote host within the context of the affected web server userid."); # http://web.archive.org/web/20070307175826/http://www.plainblack.com/getwebgui/advisories/security-exploit-patch-for-6.3-and-above script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?37c9ea6b"); script_set_attribute(attribute:"solution", value:"Upgrade to WebGUI 6.7.6 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/17"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/12"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:plain_black:webgui"); script_end_attributes(); script_category(ACT_ATTACK); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2005-2020 Tenable Network Security, Inc."); script_dependencies("http_version.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_ports("Services/www", 80); exit(0); } include("http_func.inc"); include("http_keepalive.inc"); http_check_remote_code_ka ( check_request:"/index.pl/homels?func=add;class=WebGUI::Asset::Wobject::Article%3bprint%20%60id%60;", check_result:"uid=[0-9]+.gid=[0-9]+.", extra_check:'<meta name="generator" content="WebGUI 6', command:"id" );

Vulnerabilities > CVE-2005-4694 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2005-4694"}]}

Summary

Vulnerable Configurations

Nessus

References

Vulnerabilities > CVE-2005-4694