Check Point Advisories

Update Protection against Geeklog Remote Code Execution Vulnerability

Check Point Reference: CPAI-2006-084
Date Published: 16 Jul 2006
Severity: Medium
Last Updated: Thursday 03 May, 2007
Source: SecurityFocus
Protection Provided by:
Who is Vulnerable? Geeklog 1.4.0sr3
Vulnerability Description: Geeklog is a PHP/MySQL based application for managing dynamic web content. Geeklog CMS fails to validate multiple file extensions, potentially allowing a remote attacker to upload malicious script code, which will be executed in the context of the webserver process.
Vulnerability Details: A file upload vulnerability exists in Geeklog CMS. An attacker may compromise the application by uploading and executing malicious PHP scripts with arbitrary filename extensions, taking advantage of the fact that the application does not properly sanitize multiple file extensions.
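
Added example, not code from Check Point or Geeklog: an upload filename check that inspects every dot-separated extension instead of only the last one, which is the validation the description above says is missing. The allow-list, the function names and the sample filenames in the comments are assumptions made for this illustration.

```python
import secrets

# Assumed policy for this example (not taken from Geeklog or the advisory).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}


def check_upload_name(filename):
    """Return (ok, reason) for a client-supplied upload filename.

    Every dot-separated extension is checked, not only the last one,
    so 'photo.php.jpg' is rejected even though it ends in '.jpg'.
    """
    # Drop any client-supplied directory part (both separator styles).
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not name or "\x00" in name:
        return False, "empty name or NUL byte"
    if name.startswith(".") or name.endswith((".", " ")):
        return False, "leading dot or trailing dot/space"
    _stem, *extensions = name.split(".")
    if not extensions:
        return False, "no extension"
    for ext in extensions:
        if ext.lower() not in ALLOWED_EXTENSIONS:
            return False, f"extension not allowed: {ext!r}"
    if len(extensions) > 1:
        # Even two harmless extensions are refused: one name, one type.
        return False, "multiple extensions"
    return True, "ok"


def stored_name(filename):
    """Build the server-side name: random stem plus the one validated extension.

    The client-chosen stem is never written to disk, so nothing in the
    stored name is under the uploader's control except the file type.
    """
    ok, reason = check_upload_name(filename)
    if not ok:
        raise ValueError(reason)
    ext = filename.rsplit(".", 1)[-1].lower()
    return f"{secrets.token_hex(16)}.{ext}"
```
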

Protection Overview
