CVE-2008-6187 – GForge 4.5.19 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-6187
SQL injection vulnerability in frs/shownotes.php in GForge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter.
• https://www.exploit-db.com/exploits/6707
• http://gforge.org/tracker/index.php?func=detail&aid=5553&group_id=1&atid=105
• http://secunia.com/advisories/32217
• http://www.securityfocus.com/bid/31674
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45811
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-2381
https://notcve.org/view.php?id=CVE-2008-2381
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.
• http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&r1=4590&r2=6709
• http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&view=log
• http://secunia.com/advisories/33229
• http://secunia.com/advisories/33499
• http://security-tracker.debian.net/tracker/CVE-2008-2381
• http://www.securityfocus.com/bid/33086
• http://www.securitytracker.com/id?1021510
• http://www.vupen.com/english/advis
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0173
https://notcve.org/view.php?id=CVE-2008-0173
SQL injection vulnerability in GForge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.
• http://secunia.com/advisories/28395
• http://secunia.com/advisories/28451
• http://www.debian.org/security/2008/dsa-1459
• http://www.securityfocus.com/bid/27266
• http://www.vupen.com/english/advisories/2008/0115
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39666
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-4966 – GForge < 4.6b2 - 'skill_delete' SQL Injection
https://notcve.org/view.php?id=CVE-2007-4966
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.
• https://www.exploit-db.com/exploits/4404
• http://secunia.com/advisories/26803
• http://www.portcullis.co.uk/179.php
• http://www.securityfocus.com/bid/25665
• http://www.vupen.com/english/advisories/2007/3174
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48844
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-0246
https://notcve.org/view.php?id=CVE-2007-0246
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.
• http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/plugins/scmcvs/www/cvsweb.php?root=gforge&r1=5849&r2=6038&pathrev=6038
• http://osvdb.org/36526
• http://secunia.com/advisories/25395
• http://secunia.com/advisories/25416
• http://www.debian.org/security/2007/dsa-1297
• http://www.securityfocus.com/bid/24141
• http://www.vupen.com/english/advisories/2007/1942
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34510