Geeklog@1.3.11 rc1 Security Vulnerabilities and Issues — Geeklog@1.3.11 rc1 CVE List

Lucene search

GeeklogGeeklog1.3.11 rc1

5 matches found

CVE•added 2006/05/31 10:6 a.m.•74 views

CVE-2006-2700

SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter.

5.1CVSS8.6AI score0.01037EPSS

Web

CVE•added 2006/05/31 10:6 a.m.•39 views

CVE-2006-2699

Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action.

6.8CVSS5.8AI score0.01395EPSS

CVE•added 2006/05/31 10:6 a.m.•38 views

CVE-2006-2701

SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission.

7.5CVSS8.3AI score0.00603EPSS

CVE•added 2006/05/31 10:6 a.m.•37 views

CVE-2006-2698

Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php.

7.8CVSS6.7AI score0.01066EPSS

CVE•added 2006/02/20 8:0 p.m.•33 views

CVE-2005-4725

Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID.

7.5CVSS7.3AI score0.00311EPSS