CVE-2005-3926
CVE-2005-3926
Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/1342unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://rgod.altervista.org/guppy459_xpl.htmlhttp://secunia.com/advisories/17790http://securitytracker.com/id?1015279https://exchange.xforce.ibmcloud.com/vulnerabilities/23318http://www.securityfocus.com/archive/1/417899/100/0/threadedhttp://www.securityfocus.com/bid/15609http://www.vupen.com/english/advisories/2005/2635