CVE-2006-0824

Name of the Vulnerable Software and Affected Versions Geeklog versions 1.3.11 through 1.3.11sr3 Geeklog versions 1.4.0 through 1.4.0sr0

Description The issue allows remote attackers to include arbitrary local files and execute arbitrary code. This can be achieved via absolute paths in unspecified parameters and the language cookie. For example, code execution can be demonstrated using error.log.

Recommendations For Geeklog versions 1.3.11 through 1.3.11sr3, update to version 1.3.11sr4 to resolve the issue. For Geeklog versions 1.4.0 through 1.4.0sr0, update to version 1.4.0sr1 to resolve the issue. As a temporary workaround, consider restricting access to the language cookie and unspecified parameters in lib-common.php to minimize the risk of exploitation.