CVE Vulnerabilities

CVE-2005-3926

Published: Nov 30, 2005 | Modified: Oct 19, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script.

Affected Software

Name Vendor Start Version End Version
Guppy Guppy 4.5 4.5
Guppy Guppy 4.5.3 4.5.3
Guppy Guppy 4.5.3a 4.5.3a
Guppy Guppy 4.5.4 4.5.4
Guppy Guppy 4.5.9 4.5.9

References