CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-6189 – GForge 4.5.19 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-6189
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php. Una vulnerabilidad de inyección SQL en GForge versión 4.5.19, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro offset en archivos (1) new/index.php, (2) news/index.php y (3) top/topusers.php, que no son manejados apropiadamente en el archivo database-pgsql.php. • https://www.exploit-db.com/exploits/6707 http://gforge.org/tracker/index.php?func=detail&aid=5552&group_id=1&atid=105 http://secunia.com/advisories/32217 https://exchange.xforce.ibmcloud.com/vulnerabilities/45802 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 3CVE-2008-6188 – Gforge 4.6 rc1 - 'skill_edit' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6188
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter. Vulnerabilidad de inyección SQL en people/editprofile.php en Gforge 4.6 rc1 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "skill_edit[]". • https://www.exploit-db.com/exploits/6708 http://gforge.org/tracker/index.php?func=detail&aid=5554&group_id=1&atid=105 http://secunia.com/advisories/32217 http://www.securityfocus.com/bid/31674 https://exchange.xforce.ibmcloud.com/vulnerabilities/48851 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 3CVE-2008-6187 – GForge 4.5.19 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-6187
SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter. Vulnerabilidad de inyección SQL en frs/shownotes.php en Gforge v4.5.19 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "release_id". • https://www.exploit-db.com/exploits/6707 http://gforge.org/tracker/index.php?func=detail&aid=5553&group_id=1&atid=105 http://secunia.com/advisories/32217 http://www.securityfocus.com/bid/31674 https://exchange.xforce.ibmcloud.com/vulnerabilities/45811 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2381
https://notcve.org/view.php?id=CVE-2008-2381
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable. Vulerabilidad de inyección SQL en la función create de common/include/GroupJoinRequest.class en Gforge v4.5 y v4.6 permite a atacantes remotos ejecutar comandos SQL de su elección a través de la variable comments. • http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&r1=4590&r2=6709 http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&view=log http://secunia.com/advisories/33229 http://secunia.com/advisories/33499 http://security-tracker.debian.net/tracker/CVE-2008-2381 http://www.securityfocus.com/bid/33086 http://www.securitytracker.com/id?1021510 http://www.vupen.com/english/advis • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.6EPSS: 0%CPEs: 14EXPL: 1CVE-2008-0167 – phpQLAdmin 2.2.7 - Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2008-0167
The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances. La función write_array_file en utils/include.pl de GForge 4.5.14 actualiza los archivos de configuración truncándolos a longitud cero y a continuación escribe datos nuevos, lo que podría permitir a atacantes evitar las restricciones de acceso planificadas o tener otros impactos no especificados en circunstancias oportunas. • https://www.exploit-db.com/exploits/5173 http://secunia.com/advisories/30088 http://secunia.com/advisories/30286 http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz http://www.debian.org/security/2008/dsa-1577 http://www.securityfocus.com/bid/29215 http://www.vupen.com/english/advisories/2008/1537/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42456 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •