CGI abuses : Geeklog Image Upload Code injection attack

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51850

Categoría: CGI abuses

Título: Geeklog Image Upload Code injection attack

Resumen: NOSUMMARY

Descripción: Description:

The installed version of Geeklog, according to the version
number, does not sufficiently validate images uploaded
to the remote server. By insufficiently sanitizing image
extensions, an attacker can craft a custom image containing
executable PHP code which would then be executed on the
server when the image is accessed from a browser.

Versions up to and including 1.3.7sr1 are known to be vulnerable.

Solution : Upgrade to 1.3.7sr2 or later.
Risk factor : High

Referencia Cruzada: BugTraq ID: 7744

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51850
Categoría:	CGI abuses
Título:	Geeklog Image Upload Code injection attack
Resumen:	NOSUMMARY
Descripción:	Description: The installed version of Geeklog, according to the version number, does not sufficiently validate images uploaded to the remote server. By insufficiently sanitizing image extensions, an attacker can craft a custom image containing executable PHP code which would then be executed on the server when the image is accessed from a browser. Versions up to and including 1.3.7sr1 are known to be vulnerable. Solution : Upgrade to 1.3.7sr2 or later. Risk factor : High
Referencia Cruzada:	BugTraq ID: 7744
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com