vendor:
GuppY
by:
Unknown
7.5
CVSS
HIGH
Local File Include and Information Disclosure
22
CWE
Product Name: GuppY
Affected Version From: GuppY 4.5.9
Affected Version To: GuppY 4.5.9
Patch Exists: NO
Related CWE:
CPE: a:guppy:guppy:4.5.9
Platforms Tested:
Unknown
GuppY Local File Include and Information Disclosure Vulnerabilities
An attacker can execute arbitrary server-side script code and gain unauthorized access by exploiting these vulnerabilities in GuppY. The attacker can also disclose arbitrary files on the affected computer using directory traversal sequences and NULL characters.
Mitigation:
Upgrade to GuppY version 4.6 or later to mitigate these vulnerabilities. Additionally, restrict access to the affected directories and files.