Security Advisory

CVE-2005-3926

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2005-11-30 11:00:00

Last updated 2024-08-07 23:31:48

Assigner mitre

State PUBLISHED

Description

Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script.

← Browse all CVEs View on cve.org ↗