GuppY Pg Parameter Vulnerability Network Vulnerability

Summary

The remote web server contains a PHP script that is prone to cross-site scripting and possibly directory traversal attacks. Description : The remote host is running GuppY / EasyGuppY, a CMS written in PHP. The version of Guppy / EasyGuppY installed on the remote host fails to sanitize user-supplied input to the 'pg' field in the 'printfaq.php' script. An attacker can exploit this flaw to launch cross-site scripting and possibly directory traversal attacks against the affected application.

Solution

Upgrade to version 4.5.6a or later.

References

http://archives.neohapsis.com/archives/bugtraq/2005-09/0362.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-2853

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Ampache Reflected Cross Site Scripting Vulnerability
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
@Mail WebMail Email Body HTML Injection Vulnerability
Apache Solr Directory Traversal Vulnerability Jan-14

GuppY pg Parameter Vulnerability

Take action and discover your vulnerabilities