CVE-2005-3926

GuppY 4.5.9 - Remote Code Execution via _SERVER[REMOTE_ADDR] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3926. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets Guppy CMS <=4.5.9 by overwriting the _SERVER[REMOTE_ADDR] variable to inject arbitrary PHP code, enabling remote command execution. The script provides a web interface to input target details and execute commands.

Description

Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1342

View Code ZIP pw:eip

This exploit targets Guppy CMS <=4.5.9 by overwriting the _SERVER[REMOTE_ADDR] variable to inject arbitrary PHP code, enabling remote command execution. The script provides a web interface to input target details and execute commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Guppy CMS <=4.5.9

No auth needed

Prerequisites: PHP with sockets module or fsockopen enabled · magic_quotes_gpc disabled

MITRE ATT&CK