Geeklog lib-sessions.php Session Cookie Handling Administrative Bypass

critical Nessus Network Monitor Plugin ID 3464

Synopsis

The remote host is vulnerable to a flaw that allows authentication to be bypassed.

Description

The remote host is running Geeklog, an open-source weblog powered by PHP and MySQL. The installed version of Geeklog is vulnerable to a flaw in the 'lib-sessions.php' script. Specifically, a remote attacker can use the script to bypass authentication and gain administrative access to the Geeklog application. Successful exploitation allows the attacker to gather confidential data, compromise file integrity, and interrupt service to valid users.

Solution

Upgrade to version 1.3.11sr5, 1.3.9sr5, 1.4.0sr2, or higher.

See Also

http://www.geeklog.net/article.php/geeklog-1.4.0sr2

Plugin Details

Severity: Critical

ID: 3464

Family: CGI

Published: 3/7/2006

Updated: 3/6/2019

Nessus ID: 21036

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:geeklog:geeklog

Reference Information

CVE: CVE-2006-1069

BID: 17010