Geeklog Image Upload Extension Validation Vulnerability

info
discussion
exploit
solution
references

Geeklog Image Upload Extension Validation Vulnerability

Geeklog does not sufficiently validate image upload extensions. It may be possible for an attacker to upload a file with an arbitrary extension, such as a script, and then request the file. Depending on web server configuration, this could result in execution of arbitrary commands, file corruption or other consequences.