Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.1
CVSSv2

CVE-2006-6225

Published: 02/12/2006 Updated: 19/10/2017
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 515
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Subscribe to Geeklog

Vulnerability Summary

Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote malicious users to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory.

Vulnerable Product Search on Vulmon Subscribe to Product

geeklog geeklog 1.4.0_sr3

geeklog geeklog 1.4.0_sr4

geeklog geeklog 1.4.0

geeklog geeklog 1.4.0_beta1

geeklog geeklog 1.4.0_sr1

geeklog geeklog 1.4.0_sr2

Exploits

Exploit DB: GeekLog 1.4.0sr3 - '_CONF[path]' Remote File Inclusion
--------------------------------------------------------------------------- GeekLog <= 140 (_CONF[path]) Remote File Include Vulnerabilities --------------------------------------------------------------------------- Google d0rk: "powered by geeklog" Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RoSecurityGroupnet : Remote : ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/18740https://exchange.xforce.ibmcloud.com/vulnerabilities/27469https://www.exploit-db.com/exploits/1963https://nvd.nist.govhttps://www.exploit-db.com/exploits/1963/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook