Info

Disclosure

Feb 20, 2006

Discovery

Unknown

Dates

Exploit

Feb 20, 2006

Solution

Unknown

Description

Guestbox contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by a failure to properly authenticate HTTP requests for administrative functions in the action.php script. This flaw may lead to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 0.7 BETA or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Michael Salzer

Guestbox

0.6

References

Secunia Advisory ID: 18946
CVE ID: 2006-0859 (see also: NVD)
Related OSVDB ID: 23375 23376
ISS X-Force ID: 24797
VUPEN Advisory: ADV-2006-0675
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0340.html
http://archives.neohapsis.com/archives/bugtraq/2006-02/0626.html
Vendor URL: http://spring.realone.ch/

Credit

l0om - l0omexcluded.org - Excluded

Direct URL: http://osvdb.org/23374