Geeklog 1.4.0sr3 and 1.3.11sr6
- Sunday, May 28 2006 @ 11:15 am EDT
- Contributed by: Dirk
- Views: 16,797
- Possible SQL injection and authentication bypass in auth.inc.php
- Possible XSS in getimage.php
- Path disclosure in getimage.php and in the functions.php file of some themes, e.g. the Professional theme
Additionally, an internal code review has revealed another possible SQL injection in the story submission.
We are therefore releasing Geeklog 1.4.0sr3 (complete tarball, upgrade archive) and Geeklog 1.3.11sr6 (upgrade archive, combo update) to address these issues and would suggest that you install these as soon as possible.
Read on for more information ...