| VID |
210083 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The GuppY program is vulnerable to a remote file include vulnerability via the 'selskin' parameter. GuppY is a CMS (Content Management System) written in PHP that doesn't require any database to run. GuppY versions 4.6.3 and earlier are vulnerable to a remote file include vulnerability, caused by input validation errors in the 'inc/includes.inc' and 'inc/boxleft.inc' scripts when processing the 'selskin' parameter. By sending a specially-crafted URL request to the 'index.php' script using the 'selskin' parameter, regardless of PHP's 'register_globals' setting, a remote attacker could exploit this vulnerability to execute arbitrary PHP code with the privileges of the web server.
* References:
http://www.frsirt.com/english/advisories/2007/3750
http://secunia.com/advisories/23914
http://www.milw0rm.com/exploits/4602
* Platforms Affected:
GuppY versions 4.6.3 and earlier
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of GuppY (4.6.4 or later), available from the GuppY Web site at http://www.freeguppy.org/?lng=en |
| Related URL |
CVE-2007-5844 (CVE) |
| Related URL |
26315 (SecurityFocus) |
| Related URL |
38256 (ISS) |
|
