Geeklog auth.inc.php loginname Parameter SQL Injection
The version of Geeklog installed on the remote fails to sanitize input to the 'loginname' and 'passwd' parameters before using it in the script 'admin/auth.inc.php' to construct database queries. Provided PHP's 'magicquotesgpc' setting is enabled, an unauthenticated attacker can exploit this flaw...