CVE-2006-6225

Published Dec 2, 2006

Last updated 7 years ago

CVSS info 5.1

Overview

Description: Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.1
Impact score: 6.4
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B89E7A29-0EAE-4BB0-B0DD-0B5B55F80453"
          },
          {
            "criteria": "cpe:2.3:a:geeklog:geeklog:1.4.0_beta1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "666B3BC5-BCD4-444B-B673-BB0F64B24553"
          },
          {
            "criteria": "cpe:2.3:a:geeklog:geeklog:1.4.0_sr1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA0DFD93-BA8A-49BE-9063-E40AC757708A"
          },
          {
            "criteria": "cpe:2.3:a:geeklog:geeklog:1.4.0_sr2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E07EB8A-5B67-41B9-8358-1CE59E1B6E09"
          },
          {
            "criteria": "cpe:2.3:a:geeklog:geeklog:1.4.0_sr3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3EAF15E-44B6-44F6-B794-2DF571131415"
          },
          {
            "criteria": "cpe:2.3:a:geeklog:geeklog:1.4.0_sr4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12B571E5-5ADA-452E-88A6-75598A6D0847"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References