CVE-2006-2699 - Input Validation vulnerability in Geeklog
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action. This vulnerability is addressed in the following product release: Geeklog 1.4.0sr3.
Exploit-Db
description | Geeklog 1.4 Multiple Input Validation Vulnerabilities. CVE-2006-2699. Webapps exploit for php platform |
id | EDB-ID:27919 |
last seen | 2016-02-03 |
modified | 2006-05-11 |
published | 2006-05-11 |
reporter | trueend5 |
source | https://www.exploit-db.com/download/27919/ |
title | Geeklog 1.4 - Multiple Input Validation Vulnerabilities |
References
- http://kapda.ir/advisory-336.html
- http://secunia.com/advisories/20316
- http://securityreason.com/securityalert/993
- http://www.geeklog.net/index.php?topic=Security
- http://www.securityfocus.com/archive/1/435295/100/0/threaded
- http://www.securityfocus.com/bid/18154
- http://www.vupen.com/english/advisories/2006/2050
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26862