Geeklog getimage.php Path Disclosure

2006-05-28T09:35:07
ID OSVDB:26004
Type osvdb
Reporter OSVDB
Modified 2006-05-28T09:35:07

Description

Solution Description

Upgrade to version 1.3.11sr6, 1.4.0sr3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/geeklog/getimage.php?mode=show&image=dd

References:

Vendor URL: http://www.geeklog.net
Vendor Specific News/Changelog Entry: http://www.geeklog.net/article.php/geeklog-1.4.0sr3
Secunia Advisory ID: 20316
Related OSVDB ID: 26003
Related OSVDB ID: 26005
Related OSVDB ID: 26006
Other Advisory URL: http://kapda.ir/advisory-336.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0648.html
Keyword: KAPDA::#45
FrSIRT Advisory: ADV-2006-2050
CVE-2006-2698
Bugtraq ID: 18154