Geeklog <= 2.0 BaseView.php glConf Parameter Remote File Inclusion
Medium Nessus Network Monitor Plugin ID 3900
Synopsis: The remote host is vulnerable to a 'file upload' flaw.
Description: The remote host is running Geeklog, an open-source weblog powered by PHP and MySQL. The version of Geeklog installed on the remote host includes a flaw in the way that it parses user-supplied data. Specifically, the 'glConf' parameter of the 'BaseView.php' script can be used by a remote attacker to upload and execute arbitrary script code. An attacker exploiting this flaw would be able to execute code with the permissions of the web server process.
Solution: Upgrade to a version higher than 2.0.