Title: E-Guest Server Side Include Arbitrary Command Execution Vulnerability
Severity: HIGH
Description:
E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems.
A flaw in the guest book could allow a remote user to execute arbitrary commands on a host running a vulnerable implementation.
E-Guest does not adequately sanitize user-supplied input in guest book entries. Because of this, an entry can carry server-side include (SSI) directives that could allow a remote user to execute commands on the local host. This could result in a user gaining local access with the privileges of the HTTP server.
Affected Products:
- Leung Eric E-Guest 1.1.0
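The input handling that the description says is missing, as an added example in Python. It is not E-Guest's own code, which this page does not show; the field names, `sanitize_field` and `process_entry` are hypothetical, and the sample entry is constructed.

```python
import html
import re

# SSI directives have the form <!--#element attr="value" -->.
# The pattern is deliberately loose about whitespace so near-misses are logged too.
SSI_DIRECTIVE = re.compile(r"<!--\s*#\s*([A-Za-z]+)")


def find_ssi_directives(text):
    """Return the lowercase element names of SSI directives found in text."""
    return [m.group(1).lower() for m in SSI_DIRECTIVE.finditer(text)]


def sanitize_field(text, max_len=2000):
    """Make one guest book field safe to write into a server-parsed page."""
    # Drop control characters (keep newline and tab) and cap the length.
    cleaned = "".join(c for c in text if c in "\n\t" or ord(c) >= 0x20)[:max_len]
    # Escaping < > & and quotes turns "<!--#" into "&lt;!--#", which an SSI
    # parser no longer treats as a directive; the visitor still sees the text.
    return html.escape(cleaned, quote=True)


def process_entry(entry):
    """Sanitize every field and report which fields carried SSI directives."""
    flagged = {}
    safe = {}
    for field, value in entry.items():
        found = find_ssi_directives(value)
        if found:
            flagged[field] = found  # worth logging with the client address
        safe[field] = sanitize_field(value)
    return safe, flagged


# Constructed sample submission (hypothetical field names, placeholder command).
SAMPLE_ENTRY = {
    "name": "Alice",
    "message": 'Nice site! <!--#exec cmd="PLACEHOLDER" -->',
}

if __name__ == "__main__":
    safe, flagged = process_entry(SAMPLE_ENTRY)
    print("flagged:", flagged)
    print("stored :", safe["message"])
```

On Apache, setting `Options IncludesNOEXEC` instead of `Includes` for the guest book directory disables `#exec` in parsed pages, which limits the impact if an unescaped entry is ever stored.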