Family: CGI abuses --> Category: attack
Geeklog session Cookie Authentication Bypass Vulnerability Scan
Vulnerability Scan Summary: Tries to bypass authentication in Geeklog
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
an authentication bypass issue.
Description :
The remote host is running Geeklog, an open-source weblog powered by
PHP and MySQL.
The version of Geeklog installed on the remote host contains a flaw in
its session-handling library that an attacker can exploit to bypass
authentication and gain access as any user, including the admin.
See also :
http://www.geeklog.net/article.php/geeklog-1.4.0sr2
Solution :
Upgrade to Geeklog 1.3.9sr5 / 1.3.11sr5 / 1.4.0sr2 or later.
Threat Level:
Medium / CVSS Base Score : 4.9
(AV:L/AC:L/Au:NR/C:P/I:P/A:P/B:N)