Geeklog.ImageImageMagick.PHP.File.Inclusion

description-logoDescription

Geeklog 2.x has a remote file include vulnerability. A remote attacker could execute an arbitrary script on a web server, with the privileges of the server, via a specially crafted URL request to the 'ImageImageMagick.php' script. This can be accomplished by using the 'glConf[path_system]' parameter to specify a malicious PHP file from a remote system.

affected-products-logoAffected Products

Geeklog 2.x

Impact logoImpact

System compromise.

recomended-action-logoRecommended Actions

Currently we are not aware of any official supplied fix for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)