Geeklog.ImageImageMagick.PHP.File.Inclusion
Description
Geeklog 2.x has a remote file include vulnerability. A remote attacker could execute an arbitrary script on a web server, with the privileges of the server, via a specially crafted URL request to the 'ImageImageMagick.php' script. This can be accomplished by using the 'glConf[path_system]' parameter to specify a malicious PHP file from a remote system.
Affected Products
Geeklog 2.x
Impact
System compromise.
Recommended Actions
Currently we are not aware of any official supplied fix for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |