Geeklog Connector.PHP Arbitrary File Upload Vulnerability

info
discussion
exploit
solution
references

Geeklog Connector.PHP Arbitrary File Upload Vulnerability

Geeklog CMS is prone to an arbitrary file-upload vulnerability.

An attacker can exploit this vulnerability to upload malicious script code, which will be executed in the context of the webserver process.

An attacker may compromise the application by uploading and executing malicious PHP scripts with arbitrary filename extensions, because the application fails to sanitize multiple file extensions.