Vulnerability Details : CVE-2006-2698
Potential exploit
Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php.
Products affected by CVE-2006-2698
- cpe:2.3:a:geeklog:geeklog:*:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.35:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.5_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr2:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.7_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.7_sr2:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_sr2:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_sr3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.7_sr3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.7_sr5:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr5:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.7_sr4:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr4:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.8_1_sr6:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.10_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.10_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.10_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11_sr2:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11_sr3:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11_sr4:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.9_sr4:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-2698
1.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-2698
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |
10.0
|
6.9
|
NIST |
References for CVE-2006-2698
-
http://www.geeklog.net/index.php?topic=Security
Patch
-
http://www.vupen.com/english/advisories/2006/2050
-
http://www.securityfocus.com/archive/1/435295/100/0/threaded
-
http://securityreason.com/securityalert/993
-
http://www.securityfocus.com/bid/18154
Exploit;Patch
-
http://kapda.ir/advisory-336.html
Exploit;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/26864
Jump to