PT-2005-4762 · Geeklog · Geeklog

R0T3D3Vil

Published

2005-12-05

Updated

2018-09-27

CVE-2005-4026

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Geeklog versions 1.3.x through 1.3.11sr2 Geeklog versions 1.4.x through 1.4.0rc1

Description The issue allows remote attackers to obtain sensitive information via invalid datestart and dateend parameters in the "search.php" file, which leaks the web server path in an error message.

Recommendations For Geeklog versions 1.3.x through 1.3.11sr2, update to version 1.3.11sr3. For Geeklog versions 1.4.x through 1.4.0rc1, update to version 1.4.0rc1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4026

Affected Products

Geeklog

PT-2005-4762 · Geeklog · Geeklog

CVE-2005-4026

Related Identifiers

Affected Products

References · 5