CVE-2005-4026 Information

Description

search.php in Geeklog 1.4.x before 1.4.0rc1 and 1.3.x before 1.3.11sr3 allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters which leaks the web server path in an error message.

Reference

http://pridels0.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html http://www.geeklog.net/article.php/geeklog-1.3.11sr3 http://www.osvdb.org/21398