Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Geeklog <= 2.0 BaseView.php glConf Parameter Remote File Inclusion

Medium

Synopsis

The remote host is vulnerable to a 'file upload' flaw.

Description

The remote host is running Geeklog, an open-source weblog powered by PHP and MySQL. The version of Geeklog installed on the remote host includes a flaw in the way that it parses user-supplied data. Specifically, the 'glConf' parameter of the 'BaseView.php' script can be used by a remote attacker to upload and execute arbitrary script code. An attacker exploiting this flaw would be able to execute code with the permissions of the web server process.

Solution

Upgrade to a version higher than 2.0.