Description
SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article.
Product(s):
- Geeklog Geeklog 1.3.10
- Geeklog Geeklog 1.3.6
- Geeklog Geeklog 1.3.7
- Geeklog 1.3.7 SR1
- Geeklog 1.3.7 SR2
- Geeklog 1.3.7 SR3
- Geeklog 1.3.7 SR4
- Geeklog 1.3.7 SR5
- Geeklog Geeklog 1.3.8
- Geeklog 1.3.8 1
- Geeklog 1.3.8 1 SR1
- Geeklog 1.3.8 1 SR2
- Geeklog 1.3.8 1 SR3
- Geeklog 1.3.8_1 SR4
- Geeklog 1.3.8_1 SR5
- Geeklog 1.3.8_1 SR6
- Geeklog 1.3.9 SR1
- Geeklog 1.3.9 SR2
- Geeklog 1.3.9 SR3
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-2152, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-2152 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.