VID 21844
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description Geeklog is an open-source Web log application written in PHP with a MySQL back end. Geeklog versions prior to 1.3.11sr4 or 1.4.0sr1 contain multiple input validation vulnerabilities, which a remote attacker can exploit to conduct SQL injection attacks, disclose potentially sensitive information, and potentially compromise a vulnerable system.

1) Multiple SQL injection vulnerabilities: By sending specially crafted SQL statements to the users.php script through the $userid variable, or to the lib-sessions.php script through the $sessid variable, a remote attacker could execute arbitrary SQL commands.
2) An arbitrary local file include vulnerability: By sending a specially crafted URL request to the lib-common.php script that uses the 'language' parameter to include a malicious file from the local system, a remote attacker could execute arbitrary PHP code on the vulnerable system.

* References:
http://www.geeklog.net/filemgmt/singlefile.php?lid=670
http://www.geeklog.net/filemgmt/singlefile.php?lid=671
http://www.gulftech.org/?node=research&article_id=00102-02192006
http://secunia.com/advisories/18920/

* Platforms Affected:
Geeklog versions prior to 1.3.11sr4
Geeklog versions prior to 1.4.0sr1
Any operating system, any version
Recommendation Upgrade to the latest version of Geeklog (1.3.11sr4 or 1.4.0sr1 or later), available from the Geeklog Web site at http://www.geeklog.net/filemgmt/viewcat.php?cid=8
Related URL CVE-2006-0823,CVE-2006-0824 (CVE)
Related URL 16755 (SecurityFocus)
Related URL 24775,24776 (ISS)
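
The affected-version rule above can be applied to an inventory of installed Geeklog version strings. The following is an added example, not part of the original advisory or of Geeklog itself. It assumes versions have the form `X.Y.Z` with an optional `srN` security-release suffix, and that 1.3.11sr4 is the fix for the 1.3 branch and 1.4.0sr1 the fix for the 1.4 branch; the function names are hypothetical.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
# Assumption: each fix applies to its own branch.
FIXED = {
    (1, 3): ((1, 3, 11), 4),   # 1.3.11sr4
    (1, 4): ((1, 4, 0), 1),    # 1.4.0sr1
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:sr(\d+))?$")


def parse_version(text):
    """Return ((major, minor, patch), sr) for strings such as '1.3.11sr4'."""
    match = _VERSION_RE.match(text.strip().lower())
    if not match:
        # Pre-release or unknown formats need a manual look, so fail loudly.
        raise ValueError("unrecognised Geeklog version: %r" % text)
    major, minor, patch, sr = match.groups()
    return (int(major), int(minor), int(patch)), int(sr or 0)


def is_affected(text):
    """True if the version is prior to the fixed release for its branch."""
    base, sr = parse_version(text)
    branch = base[:2]
    if branch < (1, 3):
        return True            # older than every fixed release
    if branch > (1, 4):
        return False           # newer than every fixed release
    return (base, sr) < FIXED[branch]


if __name__ == "__main__":
    # Constructed sample inventory, not data from the advisory.
    for version in ["1.3.9", "1.3.11sr3", "1.3.11sr4", "1.4.0", "1.4.0sr1"]:
        status = "AFFECTED" if is_affected(version) else "fixed"
        print("%-10s %s" % (version, status))
```
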