|
|
CVE Reference: CVE-2007-0639 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-0639 |
|
|
Description: Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0]. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/31882 ST 1017569 SAID Secunia Advisory: SA23914 OSVDB 33016 MISC http://retrogod.altervista.org/guppy_4516_cmd.html MILW0RM http://milw0rm.com/exploits/3221 |
|
| Return to the previous page. |
