CVE-2006-2698 - Input Validation vulnerability in Geeklog
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: NONE
- Availability impact: NONE

Summary
Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php.

This vulnerability is addressed in the following product release: Geeklog 1.4.0sr3.
References
- http://kapda.ir/advisory-336.html
- http://secunia.com/advisories/20316
- http://securityreason.com/securityalert/993
- http://www.geeklog.net/index.php?topic=Security
- http://www.securityfocus.com/archive/1/435295/100/0/threaded
- http://www.securityfocus.com/bid/18154
- http://www.vupen.com/english/advisories/2006/2050
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26864