search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message.
References
Link | Resource |
---|---|
http://pridels0.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html | Third Party Advisory |
http://www.geeklog.net/article.php/geeklog-1.3.11sr3 | Vendor Advisory |
http://www.osvdb.org/21398 | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-12-05T11:00:00
Updated: 2006-02-21T10:00:00
Reserved: 2005-12-05T00:00:00
Link: CVE-2005-4026
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-12-05T11:03:00.000
Modified: 2018-09-27T21:39:53.500
Link: CVE-2005-4026
JSON object: View
Redhat Information
No data.
CWE