Geeklog 1.3.11sr1 and 1.3.9sr4
- Sunday, July 03 2005 @ 04:11 pm EDT
- Contributed by: Dirk
- Views: 23,580
Stefan Esser has found an SQL injection vulnerability in Geeklog that can, under certain circumstances, be used to extract sensitive user data such as a user's password hash. We are therefore releasing security updates to address this issue and would advise you to upgrade ASAP.
There are upgrade archives available to upgrade from Geeklog 1.3.11 and Geeklog 1.3.9sr3, as well as a complete tarball for Geeklog 1.3.11sr1 (for new installations).
Users of Geeklog 1.3.10 please read on ...