A bug has encountred in Geeklog 1.39 possibly other versions. Default Installation May Disclose Installation Files to Remote Users , exactly in script install located in /admin/install.
A remote user can execute install script with permissions admin, the directory containing the installation script is accessible to remote users. The script itself can be executed.
