CVE-2006-2700

2006-05-31T10:06:00
ID CVE-2006-2700
Type cve
Reporter cve@mitre.org
Modified 2018-10-18T16:41:00

Description

SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter. Successful exploitation requires that "magic_quotes_gpc" is disabled (for the "loginname" parameter). This vulnerability is addressed in the following product release: Geeklog, Geeklog, 1.4.0sr3