Geeklog <= 2.0 BaseView.php glConf Parameter Remote File Inclusion

Medium Nessus Network Monitor Plugin ID 3900


The remote host is vulnerable to a 'file upload' flaw.


The remote host is running Geeklog, an open-source weblog powered by PHP and MySQL. The version of Geeklog installed on the remote host includes a flaw in the way that it parses user-supplied data. Specifically, the 'glConf' parameter of the 'BaseView.php' script can be used by a remote attacker to upload and execute arbitrary script code. An attacker exploiting this flaw would be able to execute code with the permissions of the web server process.


Upgrade to a version higher than 2.0.

Plugin Details

Severity: Medium

ID: 3900

Family: CGI

Published: 2007/02/06

Modified: 2018/09/16

Dependencies: 1442

Risk Information

Risk Factor: Medium


Base Score: 5.8

Temporal Score: 5.2

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:W/RC:ND


Base Score: 6.3

Temporal Score: 6


Temporal Vector: CVSS3#E:F/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:geeklog:geeklog

Reference Information

CVE: CVE-2007-0810

BID: 22386