Geeklog pid CGI Variable SQL Injection Vulnerability
Geeklog does not properly validate externally supplied input used in SQL queries. As a result, attackers may be able to modify SQL queries performed by the application by including special characters and additional SQL commands in supplied input. Exploitation of this vulnerability may result in data corruption, disclosure of sensitive information and intrusion into the database server. This issue has been reported in version 1.3.5; earlier versions may be susceptible to this issue as well.
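
A defender-side check for this issue, as an added example that is not Geeklog code: it scans web access logs for requests whose `pid` value is not a plain decimal number. That `pid` is a numeric identifier is an assumption, and the `/page.php` path and the log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format; not real traffic.
# "/page.php" is a placeholder path, not a Geeklog file name.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /page.php?sid=abc&pid=42 HTTP/1.0" 200 5120
192.0.2.11 - - [01/Jan/2024:10:00:07 +0000] "GET /page.php?sid=abc&pid=42%27 HTTP/1.0" 200 310
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?topic=news HTTP/1.0" 200 8841
192.0.2.11 - - [01/Jan/2024:10:00:15 +0000] "GET /page.php?pid=42%3B-- HTTP/1.0" 200 310
"""

# client, timestamp and request target of a logged request
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*"')


def is_valid_pid(value):
    """Allow-list check: ASCII digits only (assumes pid is a numeric ID)."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None


def suspicious_pid_requests(log_text):
    """Return (client, timestamp, decoded pid) for every non-numeric pid seen."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we understand
        client, when, target = match.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        # parse_qs percent-decodes, so encoded quotes and semicolons are seen as-is
        for value in params.get("pid", []):
            if not is_valid_pid(value):
                hits.append((client, when, value))
    return hits


if __name__ == "__main__":
    for client, when, value in suspicious_pid_requests(SAMPLE_LOG):
        print(f"{when} {client} pid={value!r}")
```

Access logs normally record only the query string, so `pid` values sent in a POST body need application-level logging to be covered by the same check.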