CVE-2005-3927 - Local File Include and Information Disclosure vulnerability in GuppY
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Exploit-Db
description | GuppY 4.5 dbbatch.php lng Parameter Traversal Arbitrary File Access. CVE-2005-3927. Webapps exploit for php platform |
id | EDB-ID:26641 |
last seen | 2016-02-03 |
modified | 2005-11-28 |
published | 2005-11-28 |
reporter | [email protected] |
source | https://www.exploit-db.com/download/26641/ |
title | GuppY 4.5 dbbatch.php lng Parameter Traversal Arbitrary File Access |

description | GuppY 4.5 nwlmail.php lng Parameter Traversal Arbitrary File Access. CVE-2005-3927. Webapps exploit for php platform |
id | EDB-ID:26642 |
last seen | 2016-02-03 |
modified | 2005-11-28 |
published | 2005-11-28 |
reporter | [email protected] |
source | https://www.exploit-db.com/download/26642/ |
title | GuppY 4.5 nwlmail.php lng Parameter Traversal Arbitrary File Access |

description | GuppY 4.5 editorTypetool.php meskin Parameter Traversal Arbitrary File Access. CVE-2005-3927. Webapps exploit for php platform |
id | EDB-ID:26639 |
last seen | 2016-02-03 |
modified | 2005-11-28 |
published | 2005-11-28 |
reporter | [email protected] |
source | https://www.exploit-db.com/download/26639/ |
title | GuppY 4.5 editorTypetool.php meskin Parameter Traversal Arbitrary File Access |
Nessus
NASL family | CGI abuses |
NASL id | GUPPY_459.NASL |
description | The remote host is running GuppY, a content management system written in PHP. The version of GuppY installed on the remote host does not sanitize user input to the server variable |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20248 |
published | 2005-11-29 |
reporter | This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/20248 |
title | GuppY <= 4.5.9 Multiple Remote Vulnerabilities (Traversal, Code Exec) |
References
- http://rgod.altervista.org/guppy459_xpl.html
- http://secunia.com/advisories/17790
- http://securityreason.com/securityalert/212
- http://securitytracker.com/id?1015279
- http://www.securityfocus.com/archive/1/417899/100/0/threaded
- http://www.securityfocus.com/bid/15610
- http://www.vupen.com/english/advisories/2005/2635
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23319