[geeklog-users] Geeklog/Gallery vulnerability

Jason Signalness jason at btiadmin.net
Tue Dec 9 17:18:04 EST 2003


Hello,

This article worries me a bit:
http://www.securityfocus.com/guest/24043

Have the issues addressed within it been resolved in any patch, etc, for 
Geeklog/Gallery?

The vulerability discussed allowed me to write arbitrary data to the 
server's hard disk, run all kinds of shell commands, and get the output 
back in my browser.  Worrying to be sure.

Thanks,
Jason




More information about the geeklog-users mailing list