MidnightBSD

Advisories for geshi

CVE-2005-3080 MEDIUM

contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
geshi geshi 1.0.7.2
geshi geshi 1.0.7
geshi geshi 1.0.7.1
geshi geshi 1.0.3
geshi geshi 1.0.5
geshi geshi 1.0.1
geshi geshi 1.0.6
geshi geshi 1.0.4
geshi geshi 1.0.0
geshi geshi 1.0.2
CVE-2008-5186 HIGH

The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
geshi geshi 1.0.7
geshi geshi 1.0.7.21
geshi geshi 1.0.2_beta_1
geshi geshi 1.0.1
geshi geshi 1.0.7.17
geshi geshi 1.0.6
geshi geshi 1.0.7.18
geshi geshi 1.0.4
geshi geshi 1.0.7.7
geshi geshi 1.0.3
geshi geshi 1.0.5
geshi geshi 1.0.7.4
geshi geshi 1.0.7.11
geshi geshi 1.0.7.15
geshi geshi 1.0.7.13
geshi geshi 1.0.7.20
geshi geshi 1.0.7.9
geshi geshi 1.0.7.16
geshi geshi *
geshi geshi 1.0.7.8
geshi geshi 1.0.0
geshi geshi 1.0.7.6
geshi geshi 1.0.7.2
geshi geshi 1.0.7.1
geshi geshi 1.0.7.19
geshi geshi 1.0.7.14
geshi geshi 1.0.7.12
geshi geshi 1.0.7.22
geshi geshi 1.0.7.5
geshi geshi 1.0.2
geshi geshi 1.0.7.10
geshi geshi 1.0.7.3