Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:CGI abuses
Title:Geeklog Image Upload Code injection attack

The installed version of Geeklog, according to the version
number, does not sufficiently validate images uploaded
to the remote server. By insufficiently sanitizing image
extensions, an attacker can craft a custom image containing
executable PHP code which would then be executed on the
server when the image is accessed from a browser.

Versions up to and including 1.3.7sr1 are known to be vulnerable.

Solution : Upgrade to 1.3.7sr2 or later.
Risk factor : High

Cross-Ref: BugTraq ID: 7744
CopyrightCopyright (c) 2005 E-Soft Inc.

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.