Page 2 of 10 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 3

SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter. Vulnerabilidad de inyección SQL en people/editprofile.php en Gforge 4.6 rc1 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "skill_edit[]". • https://www.exploit-db.com/exploits/6708 http://gforge.org/tracker/index.php?func=detail&aid=5554&group_id=1&atid=105 http://secunia.com/advisories/32217 http://www.securityfocus.com/bid/31674 https://exchange.xforce.ibmcloud.com/vulnerabilities/48851 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 3

SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter. Vulnerabilidad de inyección SQL en frs/shownotes.php en Gforge v4.5.19 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "release_id". • https://www.exploit-db.com/exploits/6707 http://gforge.org/tracker/index.php?func=detail&aid=5553&group_id=1&atid=105 http://secunia.com/advisories/32217 http://www.securityfocus.com/bid/31674 https://exchange.xforce.ibmcloud.com/vulnerabilities/45811 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable. Vulerabilidad de inyección SQL en la función create de common/include/GroupJoinRequest.class en Gforge v4.5 y v4.6 permite a atacantes remotos ejecutar comandos SQL de su elección a través de la variable comments. • http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&r1=4590&r2=6709 http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&view=log http://secunia.com/advisories/33229 http://secunia.com/advisories/33499 http://security-tracker.debian.net/tracker/CVE-2008-2381 http://www.securityfocus.com/bid/33086 http://www.securitytracker.com/id?1021510 http://www.vupen.com/english/advis • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports. Vulnerabilidad de inyección SQL en Gforge 4.6.99 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través de parámetro no especificados, relacionado con la exportación de RSS. • http://secunia.com/advisories/28395 http://secunia.com/advisories/28451 http://www.debian.org/security/2008/dsa-1459 http://www.securityfocus.com/bid/27266 http://www.vupen.com/english/advisories/2008/0115 https://exchange.xforce.ibmcloud.com/vulnerabilities/39666 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter. Vulnerabilidad de inyección SQL en www/people/editprofile.php de GForge 4.6b2 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro skill_delete[]. • https://www.exploit-db.com/exploits/4404 http://secunia.com/advisories/26803 http://www.portcullis.co.uk/179.php http://www.securityfocus.com/bid/25665 http://www.vupen.com/english/advisories/2007/3174 https://exchange.xforce.ibmcloud.com/vulnerabilities/48844 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •