Total vulnerabilities in the database
The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path
| Software | From | Fixed in |
|---|---|---|
| geshi / geshi | 1.0.7.2 | 1.0.7.2.x |
| geshi / geshi | 1.0.7.3 | 1.0.7.3.x |
| geshi / geshi | 1.0.7.17 | 1.0.7.17.x |
| geshi / geshi | 1.0.7.20 | 1.0.7.20.x |
| geshi / geshi | 1.0.7.15 | 1.0.7.15.x |
| geshi / geshi | 1.0.7.19 | 1.0.7.19.x |
| geshi / geshi | 1.0.4 | 1.0.4.x |
| geshi / geshi | 1.0.7.7 | 1.0.7.7.x |
| geshi / geshi | 1.0.7.5 | 1.0.7.5.x |
| geshi / geshi | 1.0.7.6 | 1.0.7.6.x |
| geshi / geshi | 1.0.7.9 | 1.0.7.9.x |
| geshi / geshi | 1.0.1 | 1.0.1.x |
| geshi / geshi | 1.0.7.16 | 1.0.7.16.x |
| geshi / geshi | 1.0.7.22 | 1.0.7.22.x |
| geshi / geshi | 1.0.6 | 1.0.6.x |
| geshi / geshi | 1.0.7.4 | 1.0.7.4.x |
| geshi / geshi | 1.0.7.10 | 1.0.7.10.x |
| geshi / geshi | 1.0.7.21 | 1.0.7.21.x |
| geshi / geshi | 1.0.5 | 1.0.5.x |
| geshi / geshi | 1.0.7.14 | 1.0.7.14.x |
| geshi / geshi | 1.0.7.11 | 1.0.7.11.x |
| geshi / geshi | 1.0.7.12 | 1.0.7.12.x |
| geshi / geshi | 1.0.2 | 1.0.2.x |
| geshi / geshi | 1.0.3 | 1.0.3.x |
| geshi / geshi | 1.0.2_beta_1 | 1.0.2_beta_1.x |
| geshi / geshi | 1.0.7 | 1.0.7.x |
| geshi / geshi | 1.0.0 | 1.0.0.x |
| geshi / geshi | 1.0.7.13 | 1.0.7.13.x |
| geshi / geshi | 1.0.7.8 | 1.0.7.8.x |
| geshi / geshi | 1.0.7.18 | 1.0.7.18.x |
| geshi / geshi | - | 1.0.8.x |
| geshi / geshi | 1.0.7.1 | 1.0.7.1.x |