CVE-2005-3926

Name of the Vulnerable Software and Affected Versions GuppY versions 4.5.9 and earlier

Description A direct static code injection issue allows remote attackers to execute arbitrary PHP code. This is achieved via the SERVER[REMOTE ADDR] parameter, which is injected into a .inc script that is later included by the main script.

Recommendations For GuppY versions 4.5.9 and earlier, consider disabling the register globals setting to mitigate the risk of exploitation. As a temporary workaround, restrict access to the error.php script until a patch is available. Avoid using the SERVER[REMOTE ADDR] parameter in sensitive scripts until the issue is resolved.