Geeklog auth.inc.php loginname Parameter SQL Injection

medium Nessus Plugin ID 21619

Synopsis

The remote web server contains a PHP application that is affected by an authentication bypass issue.

Description

The version of Geeklog installed on the remote fails to sanitize input to the 'loginname' and 'passwd' parameters before using it in the script 'admin/auth.inc.php' to construct database queries. Provided PHP's 'magic_quotes_gpc' setting is enabled, an unauthenticated attacker can exploit this flaw to bypass authentication and gain administrative access.

Solution

Upgrade to Geeklog 1.3.11sr6 / 1.4.0sr3 or later.

See Also

https://www.securityfocus.com/archive/1/435295/30/0/threaded

https://www.geeklog.net/article.php/geeklog-1.4.0sr3

Plugin Details

Severity: Medium

ID: 21619

File Name: geeklog_admin_auth_sql_injection.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 5/31/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4.2

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:geeklog:geeklog

Required KB Items: www/geeklog

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/28/2006

Reference Information

CVE: CVE-2006-2700

BID: 18154