Family: CGI abuses --> Category: destructive_attack
GuppY <= 4.5.9 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary :
Checks for multiple vulnerabilities in GuppY <= 4.5.9
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
multiple vulnerabilities.
Description :
The remote host is running GuppY, a content management system written
in PHP.
The version of GuppY installed on the remote host does not sanitize
user input to the server variable 'REMOTE_ADDR' before using it in the
'error.php' script as part of an include script. An unauthenticated
attacker can leverage this issue to run arbitrary code on the remote
host subject to the rights of the web server user id.
In addition, the application is reportedly prone to several local file
include and information disclosure vulnerabilities in its
administration scripts.
See also :
http://retrogod.altervista.org/guppy459_xpl.html
http://www.securityfocus.com/archive/1/417899
Solution :
Unknown at this time.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)