[原文]Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy for Windows) 4.5.4 and 4.5.5 allows remote attackers to read arbitrary files via ".." sequences in the pg parameter, which is cleansed for XSS but not directory traversal.
GuppY contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'printfaq.php' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'pg' variable.
Upgrade to version 4.5.6a or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.