GuppY 4.0 allows remote attackers to delete arbitrary files via a direct request to install/install.php, then selecting Installation propre (cleanup.php) and then Suppression des fichiers dinstallation (delete.php).
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Guppy | Guppy | 4.0 (including) | 4.0 (including) |
References
- http://forums.avenir-geopolitique.net/viewtopic.php?t=2728
- http://osvdb.org/35085
- http://securityreason.com/securityalert/2433
- http://www.securityfocus.com/archive/1/462584/100/0/threaded
- http://forums.avenir-geopolitique.net/viewtopic.php?t=2728
- http://osvdb.org/35085
- http://securityreason.com/securityalert/2433
- http://www.securityfocus.com/archive/1/462584/100/0/threaded