CVE-2006-2698

Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php.

Date published : 2006-05-31

http://www.securityfocus.com/bid/18154

http://www.securityfocus.com/archive/1/435295/100/0/threaded