Vulnerabilities > Geeklog > Geeklog > 1.3.7.sr1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-31 | CVE-2006-2701 | SQL-Injection vulnerability in Geeklog (Extended Japanese Package) SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission. | 7.5 |
2006-05-31 | CVE-2006-2700 | Input Validation vulnerability in Geeklog SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter. | 5.1 |
2006-05-31 | CVE-2006-2699 | Input Validation vulnerability in Geeklog Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action. network geeklog | 6.8 |
2006-05-31 | CVE-2006-2698 | Input Validation vulnerability in Geeklog Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php. | 7.8 |
2005-07-06 | CVE-2005-2152 | SQL-Injection vulnerability in Geeklog SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article. | 7.5 |