📄 Geeklog 2.2.1 Blind SQL Injection_PACKETSTORM:214756

Description

A blind SQL injection vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to execute arbitrary SQL commands via the uid parameter in comment.php. This issue is older research added to the archive...

Visit Original Source

Basic Information

ID PACKETSTORM:214756

Published Feb 2, 2026 at 00:00

Affected Product

Affected Versions Geeklog 2.2.1 - Blind SQL Injection
Advisory ID: RO-20-002
Severity: Critical
Vendor: Geeklog
Product: Geeklog CMS
Version: 2.2.1

Overview #

A Blind SQL Injection vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to execute arbitrary SQL commands via the uid parameter in comment.php.

Vulnerability Details #

Affected Versions: 2.2.1 and earlier

Location: comment.php

Affected Parameter: uid

Root Cause: Insufficient input validation on the uid parameter allows SQL Injection attacks.

Exploitation Requirements #

No authentication required
Direct access to the comment endpoint

Impact #

Remote attackers can exploit this vulnerability to:

Extract sensitive data from the database
Bypass authentication mechanisms
Modify or delete database content

Proof of Concept #

POST /geeklog-2.2.1/public_html/comment.php HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded

uid=2+++((SELECT+1+FROM+(SELECT+SLEEP(25))A))/*'XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR'|"XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR"*/

Time-based Blind SQL Injection: If the server response is delayed by 25 seconds, the target is vulnerable.

Solution #

Upgrade to a patched version of Geeklog that includes proper input sanitization and parameterized queries.

References #

Invicti Advisory NS-20-002

Timeline:

[2020-01-01] - Discovered

Credits: Omar Kurt

{
    "lastseen": "2026-02-02T18:32:29",
    "description": "A blind SQL injection vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to execute arbitrary SQL commands via the uid parameter in comment.php. This issue is older research added to the archive...",
    "published": "2026-02-02T00:00:00",
    "modified": "2026-02-02T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Geeklog 2.2.1 Blind SQL Injection",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:214756",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "Geeklog 2.2.1 - Blind SQL Injection\n    Advisory ID: RO-20-002\n    Severity: Critical\n    Vendor: Geeklog\n    Product: Geeklog CMS\n    Version: 2.2.1\n    \n    \n    Overview #\n    \n    A Blind SQL Injection vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to execute arbitrary SQL commands via the uid parameter in comment.php.\n    \n    \n    Vulnerability Details #\n    \n    Affected Versions: 2.2.1 and earlier\n    \n    Location: comment.php\n    \n    Affected Parameter: uid\n    \n    Root Cause: Insufficient input validation on the uid parameter allows SQL Injection attacks.\n    \n    \n    Exploitation Requirements #\n    \n        No authentication required\n        Direct access to the comment endpoint\n    \n    Impact #\n    \n    Remote attackers can exploit this vulnerability to:\n    \n        Extract sensitive data from the database\n        Bypass authentication mechanisms\n        Modify or delete database content\n    \n    Proof of Concept #\n    \n    POST /geeklog-2.2.1/public_html/comment.php HTTP/1.1\n    Host: target.com\n    Content-Type: application/x-www-form-urlencoded\n    \n    uid=2+++((SELECT+1+FROM+(SELECT+SLEEP(25))A))/*'XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR'|\"XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR\"*/\n    \n    Time-based Blind SQL Injection: If the server response is delayed by 25 seconds, the target is vulnerable.\n    \n    \n    Solution #\n    \n    Upgrade to a patched version of Geeklog that includes proper input sanitization and parameterized queries.\n    \n    \n    References #\n    \n        Invicti Advisory NS-20-002\n    \n    Timeline:\n    \n        [2020-01-01] - Discovered\n    \n    Credits: Omar Kurt",
    "sourceHref": "https://packetstorm.news/download/214756",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/214756/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply