Unrated severityNVD Advisory· Published Dec 5, 2005· Updated Apr 16, 2026

CVE-2005-4026

Description

search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message.

Affected products

Geeklog/Geeklog5 versions
cpe:2.3:a:geeklog:geeklog:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:geeklog:geeklog:*:*:*:*:*:*:*:*range: >=1.3.0,<=1.3.11
- cpe:2.3:a:geeklog:geeklog:1.3.11:rc1:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11:sr1:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.3.11:sr2:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0:beta1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pridels0.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.htmlnvdThird Party Advisory
www.geeklog.net/article.php/geeklog-1.3.11sr3nvdVendor Advisory
www.osvdb.org/21398nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000