Local File Include and Information Disclosure
Vendor: GuppY
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 22
Product Name: GuppY
Affected Version From: GuppY 4.5.9
Affected Version To: GuppY 4.5.9
Patch Exists: NO
Related CWE:
CPE: a:guppy:guppy:4.5.9
Metasploit:
Other Scripts:
Platforms Tested: Unknown

GuppY Local File Include and Information Disclosure Vulnerabilities

An attacker can execute arbitrary server-side script code and gain unauthorized access by exploiting these vulnerabilities in GuppY. The attacker can also disclose arbitrary files on the affected computer using directory traversal sequences and NULL characters.

Mitigation:

Upgrade to GuppY version 4.6 or later to mitigate these vulnerabilities. Additionally, restrict access to the affected directories and files.

Source:

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15610/info
 
GuppY is affected by multiple local file include and information disclosure vulnerabilities.
 
An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.
 
It should be noted that these issues may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server. An attacker can employ directory traversal sequences and NULL characters to disclose arbitrary files.
 
GuppY 4.5.9 and prior versions are vulnerable. 

http://www.example.com/[path_to_guppy]/admin/inc/archbatch.php?lng=../../../../../../../../../../../boot.ini%00
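
A log check for the request pattern shown above, as an added example that is not part of the original advisory: it flags requests whose `lng` parameter decodes to a NUL byte or a `..` path segment. The log lines, the `/guppy/` install path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (not real traffic); /guppy/ is an assumed install path.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2005:10:00:00 +0000] "GET /guppy/admin/inc/archbatch.php?lng=fr HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Dec/2005:10:00:05 +0000] "GET /guppy/admin/inc/archbatch.php?lng=../../../boot.ini%00 HTTP/1.1" 200 211',
    '192.0.2.12 - - [01/Dec/2005:10:00:09 +0000] "GET /guppy/admin/inc/archbatch.php?lng=%2e%2e%2fboot.ini HTTP/1.1" 200 211',
    '192.0.2.13 - - [01/Dec/2005:10:00:12 +0000] "GET /guppy/index.php?lng=en HTTP/1.1" 200 4096',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_value(value, max_rounds=3):
    """Return the reasons a parameter value looks like a file-include attempt."""
    decoded = value
    # Undo any remaining layers of percent-encoding before inspecting the value.
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    reasons = []
    if "\x00" in decoded:
        reasons.append("nul-byte")
    # Treat backslashes as separators too, then look for a parent-directory segment.
    if ".." in decoded.replace("\\", "/").split("/"):
        reasons.append("traversal")
    return reasons


def scan(lines, param="lng"):
    """Return (line_number, path, reasons) for each request with a suspicious param."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        for value in parse_qs(target.query, keep_blank_values=True).get(param, []):
            reasons = suspicious_value(value)
            if reasons:
                hits.append((number, target.path, reasons))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
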