|
COMMAND Geeklog.cgi user restrictions may be bypassed SYSTEMS AFFECTED Geeklog 1.3 PROBLEM Adrian Chung [http://www.enfusion-group.com/~adrian] wrote : --snip-- When permanent cookies are enabled, as they are in a stock install, Geeklog stores a user\'s UID in a cookie upon successful login. Modification of the UID in the cookie allows any user to assume the identity. --snap-- SOLUTION Patch is available from [http://www.geeklog.org]