Geeklog.multiple.scripts.CONF.File.Inclusion

description-logoDescription

Geeklog has multiple remote file-include vulnerabilities. A remote attacker could execute an arbitrary script on the web server with the privileges of the server, via a specially-crafted URL request to multiple scripts, by using the '_CONF' parameter to specify a malicious PHP file from a remote system.

affected-products-logoAffected Products

Geeklog version 1.4.0 and prior.

Impact logoImpact

Gain Access.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.geeklog.net/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2018-09-26 13.458