Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID.
Max CVSS
7.5
EPSS Score
0.34%
Published
2005-12-31
Updated
2008-09-05
SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article.
Max CVSS
7.5
EPSS Score
0.39%
Published
2005-07-06
Updated
2008-09-05
2 vulnerabilities found