It indicates a possible exploit of CRLF (Carriage return Line feed) Vulnerability in Geeklog that may allow attackers to obtain recipient email address. Geeklog is an open-source Web log software written in PHP for Linux and Microsoft Windows platforms. Geeklog is designed to prevent a users real email address from being revealed. A remote attacker could use CRLF combinations to inject a Bcc: header in the Subject field to cause a copy of the message to be sent to themselves, which would reveal the recipients real email address.
Geeklog 1.3.5 sr1 and Geeklog 1.3.5
Upgrade to Geeklog 1.3.5 sr2 or later.