
Geeklog lib-sessions.php Session Cookie Handling Administrative Bypass



The remote host is vulnerable to an authentication bypass flaw.


The remote host is running Geeklog, an open-source weblog powered by PHP and MySQL. The installed version of Geeklog is vulnerable to a flaw in the 'lib-sessions.php' script. Specifically, a remote attacker can use the script to bypass authentication and gain administrative access to the Geeklog application. Successful exploitation allows the attacker to gather confidential data, compromise file integrity, and interrupt service to valid users.


Upgrade to version 1.3.11sr5, 1.3.9sr5, 1.4.0sr2, or higher.