CVE-2023-37787

Name of the Vulnerable Software and Affected Versions Geeklog version 2.2.2

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of "/admin/router.php" API endpoint. This enables the execution of malicious code on the web application.

Recommendations For Geeklog version 2.2.2, consider disabling access to the "/admin/router.php" API endpoint until a patch is available, and restrict the use of the Rule and Route parameters to minimize the risk of exploitation.