ByteOS Network

NVD Vulnerability Details :

CVE-2007-5845

Modified

Source-cve@mitre.org

Published At-06 Nov, 2007 | 21:46

Updated At-29 Sep, 2017 | 01:29

Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

guppy>>guppy>>Versions up to 4.5.16(inclusive)

cpe:2.3:a:guppy:guppy:*:*:*:*:*:*:*:*

guppy>>guppy>>4.6.3

cpe:2.3:a:guppy:guppy:4.6.3:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-94	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://osvdb.org/38492	cve@mitre.org	N/A
http://retrogod.altervista.org/guppy_4516_cmd.html	cve@mitre.org	Exploit
https://www.exploit-db.com/exploits/3221	cve@mitre.org	N/A
https://www.exploit-db.com/exploits/4602	cve@mitre.org	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History