{“lastseen”:”2026-02-02T18:32:29″,”description”:”A blind SQL injection vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to execute arbitrary SQL commands via the uid parameter in comment.php. This issue is older research added to the archive…”,”published”:”2026-02-02T00:00:00″,”modified”:”2026-02-02T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Geeklog 2.2.1 Blind SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:214756″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”Geeklog 2.2.1 – Blind SQL Injection\\n Advisory ID: RO-20-002\\n Severity: Critical\\n Vendor: Geeklog\\n Product: Geeklog CMS\\n Version: 2.2.1\\n \\n \\n Overview #\\n \\n A Blind SQL Injection vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to execute arbitrary SQL commands via the uid parameter in comment.php.\\n \\n \\n Vulnerability Details #\\n \\n Affected Versions: 2.2.1 and earlier\\n \\n Location: comment.php\\n \\n Affected Parameter: uid\\n \\n Root Cause: Insufficient input validation on the uid parameter allows SQL Injection attacks.\\n \\n \\n Exploitation Requirements #\\n \\n No authentication required\\n Direct access to the comment endpoint\\n \\n Impact #\\n \\n Remote attackers can exploit this vulnerability to:\\n \\n Extract sensitive data from the database\\n Bypass authentication mechanisms\\n Modify or delete database content\\n \\n Proof of Concept #\\n \\n POST \/geeklog-2.2.1\/public_html\/comment.php HTTP\/1.1\\n Host: target.com\\n Content-Type: application\/x-www-form-urlencoded\\n \\n uid=2+++((SELECT+1+FROM+(SELECT+SLEEP(25))A))\/*’XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR’|\\”XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR\\”*\/\\n \\n Time-based Blind SQL Injection: If the server response is delayed by 25 seconds, the target is vulnerable.\\n \\n \\n Solution #\\n \\n Upgrade to a patched version of Geeklog that includes proper input sanitization and parameterized queries.\\n \\n \\n References #\\n \\n Invicti Advisory NS-20-002\\n \\n Timeline:\\n \\n [2020-01-01] – Discovered\\n \\n Credits: Omar Kurt”,”sourceHref”:”https:\/\/packetstorm.news\/download\/214756″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/214756\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-02T18:32:29″,”description”:”A blind SQL injection vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to execute arbitrary SQL commands via the uid parameter…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-38566","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n