VYPR
Unrated severityNVD Advisory· Published Nov 6, 2007· Updated Jun 16, 2026

CVE-2007-5845

CVE-2007-5845

Description

Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Guppy/Guppy3 versions
    cpe:2.3:a:guppy:guppy:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:guppy:guppy:*:*:*:*:*:*:*:*range: <=4.5.16
    • cpe:2.3:a:guppy:guppy:4.6.3:*:*:*:*:*:*:*
    • (no CPE)range: <=4.6.3, <=4.5.16

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.