|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
Geeklog contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered during the installation, which creates an extra 'group_assignments' record with a user id of 13, but the user table only contains 12 users. The first new created user is a member of the GroupAdmin Group and the UserAdmin Group which could allow a remote attacker to gain access to administrative privileges resulting in a loss of integrity.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Authentication Management
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Solution |
Upgrade to version 1.3.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: In your MySQL editor enter the following command:
SELECT username FROM users WHERE uid = 13
Afterwards, edit this user in admin/users.php and uncheck the 'GroupAdmin Group' and the 'UserAdmin Group' check boxes.
|
|
Products |
|
Geeklog
 |
1.3 |
|
|
|
|
|
|
Credit |
- Woody Hughes - woody
 thewoodman.org -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
