CVE-2007-0639
CVE-2007-0639
Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0].
Affected products
n/a · n/apublic PoCs found — 1
cve_referencewww.exploit-db.com/exploits/3221unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://osvdb.org/33016http://retrogod.altervista.org/guppy_4516_cmd.htmlhttp://secunia.com/advisories/23914http://securitytracker.com/id?1017569https://exchange.xforce.ibmcloud.com/vulnerabilities/31882https://www.exploit-db.com/exploits/3221http://www.vupen.com/english/advisories/2007/0421