|
|
Info |
Last Modified |
| 8 months ago |
|
|
|
|
Description |
RNN Guestbook's gbadmin.cgi script only asks for authentication when attempting to access the main admin page. If an attacker provides a specific QUERY_STRING with the gbadmin.cgi request, the script will not require authentication. This allows a remote attacker to have full administrative control over the guestbook system.
|
|
Classification |
Unknown or Incomplete
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by disabling all access to the guestbook scripts until a patch or upgrade is made available.
|
|
Products |
|
Guestbook
 |
1.2 |
|
|
|
|
Tools & Filters |
|
Nikto
|
1498
1499
1500
1501
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|