Vulnerability Description
SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Geeklog | Geeklog | <= 1.3.5 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
- http://geeklog.sourceforge.net/article.php?story=20020610013358149
- http://www.iss.net/security_center/static/9311.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4968PatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
- http://geeklog.sourceforge.net/article.php?story=20020610013358149
- http://www.iss.net/security_center/static/9311.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4968PatchVendor Advisory
FAQ
What is CVE-2002-0963?
CVE-2002-0963 is a vulnerability with a CVSS score of 5.0 (MEDIUM). SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter.
How severe is CVE-2002-0963?
CVE-2002-0963 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0963?
Check the references section above for vendor advisories and patch information. Affected products include: Geeklog Geeklog.