
Test ID: 1.3.6.1.4.1.25623.1.0.19943
Category: Web application abuses
Title: Guppy Request Header Injection Vulnerabilities
Description:

Summary:
The remote web server contains a PHP script that allows for
arbitrary code execution and cross-site scripting attacks.

Description:

The remote host is running Guppy, a CMS written in PHP.

The remote version of this software does not properly sanitize input
to the Referer and User-Agent HTTP headers before using it in the
'error.php' script. A malicious user can exploit this flaw to inject
arbitrary script and HTML code into a user's browser or, if PHP's
'magic_quotes_gpc' setting is disabled, PHP code to be executed on the
remote host subject to the privileges of the web server user id.

Solution:
Upgrade to Guppy version 4.5.4 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-2853
BugTraq ID: 14753
http://www.securityfocus.com/bid/14753
http://secunia.com/advisories/16707
Copyright: Copyright (C) 2006 Josh Zlatin-Amishav

© 1998-2025 E-Soft Inc. All rights reserved.