Family: CGI abuses --> Category: attack
Geeklog User Comment Retrieval SQL Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for user comment retrieval SQL injection vulnerability in Geeklog
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is affected by a SQL
The remote host is running Geeklog, an open-source weblog powered by
PHP and MySQL.
The installed version of Geeklog suffers from a SQL injection
vulnerability due to the application's failure to sanitize user-
supplied input via the 'order' parameter of the 'comment.php' script.
By leveraging this flaw, a possible hacker may be able to recover sensitive
information, such as password hashes, launch attacks against the
underlying database, and the like.
See also :
Upgrade to Geeklog version 1.3.11 sr1 or later.
Medium / CVSS Base Score : 4
Click HERE for more information and discussions on this network vulnerability scan.