11th Jan 2002 [SBWID-4992]
COMMAND
Geeklog.cgi user restrictions may be bypassed
SYSTEMS AFFECTED
Geeklog 1.3
PROBLEM
Adrian Chung [http://www.enfusion-group.com/~adrian] wrote:
--snip--
When permanent cookies are enabled, as they are in a stock install,
Geeklog stores a user's UID in a cookie upon successful login.
Modification of the UID in the cookie allows any user to assume the
identity.
--snap--
SOLUTION
Patch is available from [http://www.geeklog.org]
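The flaw class described above, next to one common mitigation, as an added example in Python. It is not Geeklog's code and not the vendor patch; the key, lifetime, cookie layout and function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumptions for this sketch: a secret known only to the server and a
# one-week lifetime for the "permanent" cookie.
SERVER_KEY = b"constructed-demo-key-not-for-production"
LIFETIME = 7 * 24 * 3600


def uid_from_plain_cookie(value):
    """Flawed pattern from the advisory: the cookie value *is* the identity."""
    return int(value) if value.isascii() and value.isdigit() else None


def _mac(uid, expires, key):
    # MAC over the exact fields the server will later trust.
    msg = f"{uid}|{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_cookie(uid, now, key=SERVER_KEY):
    """Bind the UID and an expiry time to a MAC only the server can compute."""
    expires = now + LIFETIME
    return f"{uid}|{expires}|{_mac(uid, expires, key)}"


def uid_from_signed_cookie(value, now, key=SERVER_KEY):
    """Return the UID only if the MAC verifies and the cookie is unexpired."""
    parts = value.split("|")
    if len(parts) != 3:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts[:2]):
        return None
    uid, expires, tag = int(parts[0]), int(parts[1]), parts[2]
    expected = _mac(uid, expires, key)
    # Constant-time comparison; any client-side edit of UID or expiry fails here.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    if now > expires:
        return None
    return uid
```

A random session identifier that the server maps to the UID achieves the same goal without placing the UID in the cookie at all.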