Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
network
high complexity
geeklog
nessus
exploit available
Published: 2006-12-02
Updated: 2017-10-19
Summary
Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory.
Vulnerable Configurations
Part | Description | Count |
Application | Geeklog | 6 |
Exploit-Db
description | GeekLog <= 1.4.0sr3 (_CONF[path]) Remote File Include Vulnerabilities. CVE-2006-6225. Webapps exploit for php platform |
file | exploits/php/webapps/1963.txt |
id | EDB-ID:1963 |
last seen | 2016-01-31 |
modified | 2006-06-29 |
platform | php |
port | |
published | 2006-06-29 |
reporter | Kw3[R]Ln |
source | https://www.exploit-db.com/download/1963/ |
title | GeekLog <= 1.4.0sr3 - _CONFpath Remote File Include Vulnerabilities |
type | webapps |
Nessus
NASL family | CGI abuses |
NASL id | GEEKLOG_CONF_PATH_FILE_INCLUDES.NASL |
description | The version of Geeklog installed on the remote host fails to sanitize input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21779 |
published | 2006-06-29 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21779 |
title | Geeklog Multiple Script _CONF[path] Parameter Remote File Inclusion |