R0T3D3Vil

**Name of the Vulnerable Software and Affected Versions** Geeklog versions 1.3.x through 1.3.11sr2 Geeklog versions 1.4.x through 1.4.0rc1 **Description** The issue allows remote attackers to obtain sensitive information via invalid `datestart` and `dateend` parameters in the "search.php" file, which leaks the web server path in an error message. **Recommendations** For Geeklog versions 1.3.x through 1.3.11sr2, update to version 1.3.11sr3. For Geeklog versions 1.4.x through 1.4.0rc1, update to version 1.4.0rc1 or later.