Geeklog <= 2.0 BaseView.php glConf Parameter Remote File Inclusion



The remote host is vulnerable to a 'file upload' flaw.


The remote host is running Geeklog, an open-source weblog powered by PHP and MySQL. The version of Geeklog installed on the remote host includes a flaw in the way that it parses user-supplied data. Specifically, the 'glConf' parameter of the 'BaseView.php' script can be used by a remote attacker to upload and execute arbitrary script code. An attacker exploiting this flaw would be able to execute code with the permissions of the web server process.


Upgrade to a version higher than 2.0.