CVE-2006-6225 - Unspecified vulnerability in Geeklog

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
geeklog
nessus
exploit available

Summary

Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory.

Exploit-Db

description: GeekLog <= 1.4.0sr3 (_CONF[path]) Remote File Include Vulnerabilities. CVE-2006-6225. Webapps exploit for php platform
file: exploits/php/webapps/1963.txt
id: EDB-ID:1963
last seen: 2016-01-31
modified: 2006-06-29
platform: php
port:
published: 2006-06-29
reporter: Kw3[R]Ln
source: https://www.exploit-db.com/download/1963/
title: GeekLog <= 1.4.0sr3 - _CONFpath Remote File Include Vulnerabilities
type: webapps

Nessus

NASL family: CGI abuses
NASL id: GEEKLOG_CONF_PATH_FILE_INCLUDES.NASL
description: The version of Geeklog installed on the remote host fails to sanitize input to the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21779
published: 2006-06-29
reporter: This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/21779
title: Geeklog Multiple Script _CONF[path] Parameter Remote File Inclusion