Family: CGI abuses --> Category: destructive_attack
GuppY <= 4.5.9 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in GuppY <= 4.5.9
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is affected by
The remote host is running GuppY, a content management system written
The version of GuppY installed on the remote host does not sanitize
user input to the server variable 'REMOTE_ADDR' before using it in the
'error.php' script as part of an include script. An unauthenticated
attacker can leverage this issue to run arbitrary code on the remote
host subject to the rights of the web server user id.
In addition, the application reportedly is prone to several local file
include and information disclosure vulnerabilities in scripts used for
See also :
Unknown at this time.
High / CVSS Base Score : 7
Click HERE for more information and discussions on this network vulnerability scan.