HomePentest-Tools.com Logo

Guppy Request Header Injection Vulnerabilities CVE-2005-2853

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

The remote web server contains a PHP script that allows for arbitrary code execution and cross-site scripting attacks. Description : The remote host is running Guppy, a CMS written in PHP. The remote version of this software does not properly sanitize input to the Referer and User-Agent HTTP headers before using it in the error.php script. A malicious user can exploit this flaw to inject arbitrary script and HTML code into a users browser or, if PHPs magic_quotes_gpc setting is disabled, PHP code to be executed on the remote host subject to the privileges of the web server user id.

Risk description
Not available
Recommendation

Upgrade to Guppy version 4.5.4 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Sep 8, 2005
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available