| VID |
21788 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The GuppY program is vulnerable to a cross-site scripting vulnerability in the pg parameter. GuppY and Easy GuppY are a CMS (Content Management System) written in PHP that doesn't require any database to run. GuppY versions 4.5.3a and earlier, and Easy GuppY versions 4.5.5 and earlier are vulnerable to Directory Traversal and Cross-Site Scripting vulnerabilities as follows:
1) Cross-Site Scripting Vulnerability: Input passed to the to the 'pg' parameter in the 'printfaq.php' script is not properly sanitized before being used. This vulnerability could be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed.
2) EasyGuppY Directory Traversal Vulnerability: This vulnerability could allow a remote attacker to view files residing outside of the Web root. By sending a specially-crafted HTTP POST request containing "dot dot" sequences (/../), a remote attacker could traverse directories and view any file on the Web server.
* References:
http://www.frsirt.com/english/advisories/2005/1921
http://secunia.com/advisories/16707
http://www.osvdb.org/displayvuln.php?osvdb_id=19242
* Platforms Affected:
GuppY versions 4.5.3a and earlier
Easy GuppY versions 4.5.5 and earlier
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of GuppY (4.5.4 or later) or Easy GuppY (4.5.6a or later), available from the GuppY Web site at http://www.freeguppy.org/fgy5dn.php?lng=en&tconfig=0 |
| Related URL |
CVE-2005-2853 (CVE) |
| Related URL |
14752,14984 (SecurityFocus) |
| Related URL |
22133,22720 (ISS) |
|
