Vulnerabilities > CVE-2002-0097 - Unspecified vulnerability in Geeklog 1.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | GEEKLOG_ADMIN_ACCESS.NASL |
| description | The remote server is running a version of Geeklog affected by various vulnerabilities, including SQL injection, arbitrary file upload, privilege escalation, etc. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11670 |
| published | 2003-05-29 |
| reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11670 |
| title | Geeklog <= 1.3.7sr1 Multiple Vulnerabilities (SQLi, XSS, Priv Esc) |