Geeklog@1.3.8 1 sr1 Security Vulnerabilities and Issues — Geeklog@1.3.8 1 sr1 CVE List

Lucene search

GeeklogGeeklog1.3.8 1 sr1

5 matches found

CVE•added 2006/05/31 10:6 a.m.•74 views

CVE-2006-2700

SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter.

5.1CVSS8.6AI score0.01037EPSS

Web

CVE•added 2005/07/06 4:0 a.m.•40 views

CVE-2005-2152

SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article.

7.5CVSS8.4AI score0.00502EPSS

CVE•added 2006/05/31 10:6 a.m.•39 views

CVE-2006-2699

Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action.

6.8CVSS5.8AI score0.01395EPSS

CVE•added 2006/05/31 10:6 a.m.•38 views

CVE-2006-2701

SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission.

7.5CVSS8.3AI score0.00603EPSS

CVE•added 2006/05/31 10:6 a.m.•37 views

CVE-2006-2698

Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php.

7.8CVSS6.7AI score0.01066EPSS