CVE-2005-3156

Name of the Vulnerable Software and Affected Versions EasyGuppy (Guppy for Windows) versions 4.5.4 through 4.5.5

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the printfaq.php file. This is achieved by using ".." sequences in the pg parameter. The pg parameter is cleansed for XSS but not for directory traversal, making it vulnerable to such attacks.

Recommendations For versions 4.5.4 and 4.5.5, consider restricting access to the printfaq.php file until a patch is available. As a temporary workaround, avoid using the pg parameter in the printfaq.php file to minimize the risk of exploitation.