Vulnerabilities > CVE-2002-0097 - Unspecified vulnerability in Geeklog 1.3
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN geeklog
nessus
Summary
Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | GEEKLOG_ADMIN_ACCESS.NASL |
| description | The remote server is running a version of Geeklog affected by various vulnerabilities, including SQL injection, arbitrary file upload, privilege escalation, etc. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11670 |
| published | 2003-05-29 |
| reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11670 |
| title | Geeklog <= 1.3.7sr1 Multiple Vulnerabilities (SQLi, XSS, Priv Esc) |
References
- http://geeklog.sourceforge.net/index.php?topic=Security
- http://geeklog.sourceforge.net/index.php?topic=Security
- http://online.securityfocus.com/archive/1/249443
- http://online.securityfocus.com/archive/1/249443
- http://www.iss.net/security_center/static/7869.php
- http://www.iss.net/security_center/static/7869.php
- http://www.securityfocus.com/bid/3844
- http://www.securityfocus.com/bid/3844