Geeklog.multiple.scripts.CONF.File.Inclusion
Description
Geeklog has multiple remote file-include vulnerabilities. A remote attacker could execute an arbitrary script on the web server with the privileges of the server, via a specially-crafted URL request to multiple scripts, by using the '_CONF' parameter to specify a malicious PHP file from a remote system.
Affected Products
Geeklog version 1.4.0 and prior.
Impact
Gain Access.
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://www.geeklog.net/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2018-09-26 | 13.458 |