CyberSec.Space Logo
Back to CVE Browser

CVE-2005-2152

HIGH
7.5
CVSS Severity Score
EPSS Score0.0130%
EPSS Percentile44.71th
PublishedJul 6, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article.

Affected Platforms (CPE)

πŸ“¦
Geeklog

Geeklog

= 1.3.6
πŸ“¦
Geeklog

Geeklog

= 1.3.7
πŸ“¦
Geeklog

Geeklog

= 1.3.7_sr1
πŸ“¦
Geeklog

Geeklog

= 1.3.7_sr2
πŸ“¦
Geeklog

Geeklog

= 1.3.7_sr3
πŸ“¦
Geeklog

Geeklog

= 1.3.7_sr4
πŸ“¦
Geeklog

Geeklog

= 1.3.7_sr5
πŸ“¦
Geeklog

Geeklog

= 1.3.8
πŸ“¦
Geeklog

Geeklog

= 1.3.8_1
πŸ“¦
Geeklog

Geeklog

= 1.3.8_1_sr1
πŸ“¦
Geeklog

Geeklog

= 1.3.8_1_sr2
πŸ“¦
Geeklog

Geeklog

= 1.3.8_1_sr3
πŸ“¦
Geeklog

Geeklog

= 1.3.8_1_sr4
πŸ“¦
Geeklog

Geeklog

= 1.3.8_1_sr5
πŸ“¦
Geeklog

Geeklog

= 1.3.8_1_sr6
πŸ“¦
Geeklog

Geeklog

= 1.3.9_sr1
πŸ“¦
Geeklog

Geeklog

= 1.3.9_sr2
πŸ“¦
Geeklog

Geeklog

= 1.3.9_sr3
πŸ“¦
Geeklog

Geeklog

= 1.3.10

References & Advisories

πŸ”— http://secunia.com/advisories/15914
πŸ”— http://securitytracker.com/id?1014381
πŸ”— http://www.geeklog.net/article.php/geeklog-1.3.11sr1
πŸ”— http://www.hardened-php.net/advisory-062005.php
πŸ”— http://secunia.com/advisories/15914
πŸ”— http://securitytracker.com/id?1014381
πŸ”— http://www.geeklog.net/article.php/geeklog-1.3.11sr1
πŸ”— http://www.hardened-php.net/advisory-062005.php

Related Vulnerabilities

CVE-2006-106910.0

Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr...

CVE-2006-26987.8

Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invali...

CVE-2002-09627.5

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the u...

CVE-2002-00977.5

Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's...