Geeklog Forgot Password SQL Injection Vulnerability

info
discussion
exploit
solution
references

Geeklog Forgot Password SQL Injection Vulnerability

An SQL injection vulnerability has been reported in the Geeklog "forgot password" feature (introduced in Geeklog 1.3.8). Due to insufficient sanitization of user-supplied input, it is possible for remote attacks to influence database queries. This could result in compromise of the Geeklog installation or attacks against the database.