Geeklog contains a flaw that may allow a malicious user to execute install scripts remotely. The issue is caused by the Geeklog installation leaving the install scripts within a publicly accessible directory. It is possible that the flaw may allow a remote attacker to run the installation script, resulting in a loss of integrity.
Note: The Geeklog installation process has several warnings for administrators to delete all installation files after completion. This vulnerability will only exist on sites in which the administrator chose to ignore the installation warnings.
Classification
Location: Remote/Network Access Required
Attack Type: Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related, Concern
Solution
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): remove the installation scripts after installing the application.