Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 prior to 1.4.0sr1 and 1.3.11 prior to 1.3.11sr4 allow remote malicious users to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
geeklog geeklog 1.3.11_sr1 |
||
geeklog geeklog 1.3.11_sr2 |
||
geeklog geeklog 1.3.11_sr3 |
||
geeklog geeklog 1.3.11 |
||
geeklog geeklog 1.4.0 |