Family: CGI abuses --> Category: infos
Ecartis Username Spoofing Vulnerability Scan
Vulnerability Scan Summary
Searches for the existence of lsg2.cgi
Detailed Explanation for this Vulnerability Test
The remote host is running the Ecartis Mailing List Manager
web interface (lsg2.cgi).
There is a vulnerability in versions older than 1.0.0 snapshot 20030227
which allows a possible hacker to spoof a username while changing passwords,
thus gaining the control of the mailing list.
*** Nessus solely relied on the version number of this CGI,
*** so this might be a false positive.
Solution : Upgrade to version 1.0.0 snapshot 20030227
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.