Vulnerabilities > CVE-2005-4026 - Information Disclosure vulnerability in Geeklog (Extended Japanese Package)

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

geeklog

NVD

Published: 2005-12-05

Updated: 2018-09-27

Summary

search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message.

Vulnerable Configurations

Part	Description	Count
Application	Geeklog Geeklog Geeklog 1.3.0 Geeklog Geeklog 1.3.5 Geeklog Geeklog 1.3.6 Geeklog Geeklog 1.3.7 Geeklog Geeklog 1.3.8 Geeklog Geeklog 1.3.9 Geeklog Geeklog 1.3.10 Geeklog Geeklog 1.3.11 Geeklog Geeklog 1.4.0	17

References

http://pridels0.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html
http://www.geeklog.net/article.php/geeklog-1.3.11sr3
http://www.osvdb.org/21398