Geeklog CAPTCHA Plugin _CONF[path] Remote File Include Vulnerability
BID:24214
Info
Geeklog CAPTCHA Plugin _CONF[path] Remote File Include Vulnerability
| Bugtraq ID: | 24214 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 29 2007 12:00AM |
| Updated: | May 30 2007 12:04AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
gl Labs CAPTCHA Plugin 2.1.1 |
| Not Vulnerable: |
gl Labs CAPTCHA Plugin 2.1.2 |
Discussion
Geeklog CAPTCHA Plugin _CONF[path] Remote File Include Vulnerability
The Geeklog CAPTCHA plugin is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects Geeklog CAPTCHA 2.1.1; prior versions may also be affected.
The Geeklog CAPTCHA plugin is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects Geeklog CAPTCHA 2.1.1; prior versions may also be affected.
Exploit / POC
Geeklog CAPTCHA Plugin _CONF[path] Remote File Include Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Geeklog CAPTCHA Plugin _CONF[path] Remote File Include Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
Geeklog CAPTCHA Plugin _CONF[path] Remote File Include Vulnerability
References:
References:
- gl Labs Homepage (gl Labs)
- gl Labs Security Advisory - 2007-05-24 (gl Labs)