Multiple SQL injection vulnerabilities in Geeklog 1.4.0 prior to 1.4.0sr1 and 1.3.11 prior to 1.3.11sr4 allow remote malicious users to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
geeklog geeklog 1.3.11 |
||
geeklog geeklog 1.3.11_sr3 |
||
geeklog geeklog 1.4.0 |
||
geeklog geeklog 1.3.11_sr1 |
||
geeklog geeklog 1.3.11_sr2 |