[InterN0T] Geeklog 1.5 - Pre-Installation Vulnerabilities
From: security () intern0t net
Date: Wed, 3 Jun 2009 15:51:37 -0600
Geeklog - Pre-Installation Vulnerabilities
Version Affected: 1.5.2sr4 (18th April 2009) (newest)
Info: See website for more details.
Opinion: The system seems to be more secure than most web application systems on the Internet these days.
-:: The Advisory ::-
Vulnerable Function / ID Calls:
dbconfig_path contains multiple bugs that can be used to perform XSS, RFI and Path Disclosure.
Cross Site Scripting:
Remote File Inclusion:
-:: Solution ::-
I didn't bother to find one, sorry.
- Vulnerabilities found and confirmed between 1st and 3rd June 2009.
- Published at InterN0T the 3rd June 2009.
- Bugtraq contacted the 3rd June 2009.
All of the best,