Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitr