Sensitive Information Disclosure in Geeklog 1.4.x and 1.3.x via Invalid Date Parameters

Sensitive Information Disclosure in Geeklog 1.4.x and 1.3.x via Invalid Date Parameters

CVE-2005-4026 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message.

Learn more about our Web App Pen Testing.