|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
Geeklog contains a flaw that may allow a malicious user to execute install scripts remotely. The issue is caused by the Geeklog installation leaving the install scripts within a publibly accessible directory. It is possible that the flaw may allow a remote attacker to run the installation script resulting in a loss of integrity. Note: The Geeklog installation process has several warnings for administrators to delete all installation files after completion. This vulnerability will only exist on sites in which the administrator chose to ignore the installation warnings.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Misconfiguration
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related,
Concern
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): remove installation scripts after installing application.
|
|
Products |
|
Geeklog
 |
1.39 |
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
