Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Geeklog | Geeklog | 1.3.8_1_sr3 (including) | 1.3.8_1_sr3 (including) |
| Geeklog | Geeklog | 1.3.8_1_sr4 (including) | 1.3.8_1_sr4 (including) |
| Geeklog | Geeklog | 1.3.9 (including) | 1.3.9 (including) |
| Geeklog | Geeklog | 1.3.9_rc1 (including) | 1.3.9_rc1 (including) |
| Geeklog | Geeklog | 1.3.9_rc2 (including) | 1.3.9_rc2 (including) |
| Geeklog | Geeklog | 1.3.9_rc3 (including) | 1.3.9_rc3 (including) |
| Geeklog | Geeklog | 1.3.9_sr1 (including) | 1.3.9_sr1 (including) |
| Geeklog | Geeklog | 1.3.9_sr2 (including) | 1.3.9_sr2 (including) |
| Geeklog | Geeklog | 1.3.10 (including) | 1.3.10 (including) |
| Geeklog | Geeklog | 1.3.10_rc1 (including) | 1.3.10_rc1 (including) |
| Geeklog | Geeklog | 1.3.10_rc2 (including) | 1.3.10_rc2 (including) |
| Geeklog | Geeklog | 1.3.10_rc3 (including) | 1.3.10_rc3 (including) |
| Geeklog | Geeklog | 1.3.11 (including) | 1.3.11 (including) |
| Geeklog | Geeklog | 1.3.11_rc1 (including) | 1.3.11_rc1 (including) |
| Geeklog | Geeklog | 1.3.11_sr1 (including) | 1.3.11_sr1 (including) |
| Geeklog | Geeklog | 1.3.11_sr2 (including) | 1.3.11_sr2 (including) |