Test ID:	1.3.6.1.4.1.25623.1.0.19943
Category:	Web application abuses
Title:	Guppy Request Header Injection Vulnerabilities
Summary:	The remote web server contains a PHP script that allows for; arbitrary code execution and cross-site scripting attacks.;; Description :;; The remote host is running Guppy, a CMS written in PHP.;; The remote version of this software does not properly sanitize input; to the Referer and User-Agent HTTP headers before using it in the; 'error.php' script. A malicious user can exploit this flaw to inject; arbitrary script and HTML code into a user's browser or, if PHP's; 'magic_quotes_gpc' setting is disabled, PHP code to be executed on the; remote host subject to the privileges of the web server user id.
Description:	Summary: The remote web server contains a PHP script that allows for arbitrary code execution and cross-site scripting attacks. Description : The remote host is running Guppy, a CMS written in PHP. The remote version of this software does not properly sanitize input to the Referer and User-Agent HTTP headers before using it in the 'error.php' script. A malicious user can exploit this flaw to inject arbitrary script and HTML code into a user's browser or, if PHP's 'magic_quotes_gpc' setting is disabled, PHP code to be executed on the remote host subject to the privileges of the web server user id. Solution: Upgrade to Guppy version 4.5.4 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2853 BugTraq ID: 14753 http://www.securityfocus.com/bid/14753 http://secunia.com/advisories/16707
Copyright	Copyright (C) 2006 Josh Zlatin-Amishav

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.