CVE-2005-3926

GuppY <4.5.9 - Code Injection

Title source: llm

Description

Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · phpwebappsphp
https://www.exploit-db.com/exploits/1342

References (7)

Scores

EPSS 0.0561
EPSS Percentile 90.3%

Details

Status published
Products (5)
guppy/guppy 4.5
guppy/guppy 4.5.3
guppy/guppy 4.5.3a
guppy/guppy 4.5.4
guppy/guppy 4.5.9
Published Nov 30, 2005
Tracked Since Feb 18, 2026