CVE-2007-1451

Name of the Vulnerable Software and Affected Versions GuppY version 4.0

Description The issue allows remote attackers to delete arbitrary files. This can be achieved by making a direct request to the install/install.php endpoint, then selecting "Installation propre" which leads to cleanup.php, and finally selecting "Suppression des fichiers d'installation" which leads to delete.php.

Recommendations For GuppY version 4.0, consider restricting access to the install/install.php endpoint and the subsequent cleanup.php and delete.php scripts to prevent unauthorized file deletion. As a temporary workaround, consider disabling the delete functionality in delete.php until a patch is available.