Vendor: Geeklog
By: rgod
CVSS: 7.5 (HIGH)
Remote Command Execution
Product Name: Geeklog
Affected Version From: Geeklog <= 1.4.0sr3
Patch Exists: NO

Geeklog <= 1.4.0sr3 'f(u)ckeditor' remote commands execution

This exploit targets Geeklog version 1.4.0sr3. The vulnerability allows an attacker to execute commands remotely. The exploit takes advantage of the fckeditor feature, which is enabled by default and not protected. By uploading files with multiple extensions, an attacker can execute arbitrary shell commands on the target server.

Mitigation:

To mitigate this vulnerability, it is recommended to update Geeklog to a patched version. Additionally, ensure that the fckeditor feature is properly secured and protected.
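
The description above turns on uploaded filenames that carry more than one extension. A filename check an upload handler or a directory audit could apply, as an added example that is not Geeklog's or FCKeditor's code; the extension sets, function names and sample filenames are assumptions constructed for illustration:

```python
import os

# Assumption: extensions a web server may route to an interpreter.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar",
                   "pl", "py", "cgi", "asp", "aspx", "jsp", "sh"}
# Assumption: the only types the editor's upload folder should hold.
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "txt", "zip"}


def classify_upload(name):
    """Return (verdict, reason) for a client-supplied upload filename."""
    # Drop any path the client sent, plus trailing dots/spaces that some
    # filesystems silently strip ("x.php." would be stored as "x.php").
    base = os.path.basename(name.replace("\\", "/")).rstrip(". ").lower()
    stem, *exts = base.split(".")
    if not exts:
        return "reject", "no extension"
    # Check every segment, not only the last one.
    hits = [e for e in exts if e in EXECUTABLE_EXTS]
    if hits:
        return "reject", "executable extension: " + hits[0]
    if exts[-1] not in ALLOWED_EXTS:
        return "reject", "type not on allow-list: " + exts[-1]
    if len(exts) > 1:
        # Policy choice (assumption): one extension per uploaded file.
        return "reject", "multiple extensions"
    return "accept", "single allowed extension"


def audit(names):
    """Return {name: reason} for every filename that would be rejected."""
    return {n: r for n in names for v, r in [classify_upload(n)] if v == "reject"}


# Constructed sample listing of an upload directory (not from the advisory).
SAMPLE = ["photo.jpg", "shell.php.rar", "logo.PHP", "report.final.pdf",
          "x.php.", "notes", ".htaccess", "../../tmp/evil.phtml.gif"]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE).items():
        print(f"{name!r}: {reason}")
```

The check inspects every dot-separated segment because a filter that looks only at the final extension passes a name whose earlier segment is still treated as executable by the server.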

Exploit-DB raw data: