ID CVE-2006-0824
Summary Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log.
References
Vulnerable Configurations
  • cpe:2.3:a:geeklog:geeklog:1.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.11_sr1:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.11_sr2:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.3.11_sr3:*:*:*:*:*:*:*
  • cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 16755
bugtraq 20060219 Geeklog Remote Code Execution
confirm http://www.geeklog.net/article.php/geeklog-1.4.0sr1
misc http://www.gulftech.org/?node=research&article_id=00102-02192006
osvdb 23349
secunia 18920
vupen ADV-2006-0661
Last major update 18-10-2018 - 16:29
Published 21-02-2006 - 23:02
Last modified 18-10-2018 - 16:29