CVE-2008-6188 – Gforge 4.6 rc1 - 'skill_edit' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6188
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter. Vulnerabilidad de inyección SQL en people/editprofile.php en Gforge 4.6 rc1 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "skill_edit[]". • https://www.exploit-db.com/exploits/6708 http://gforge.org/tracker/index.php?func=detail&aid=5554&group_id=1&atid=105 http://secunia.com/advisories/32217 http://www.securityfocus.com/bid/31674 https://exchange.xforce.ibmcloud.com/vulnerabilities/48851 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-6187 – GForge 4.5.19 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-6187
SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter. Vulnerabilidad de inyección SQL en frs/shownotes.php en Gforge v4.5.19 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "release_id". • https://www.exploit-db.com/exploits/6707 http://gforge.org/tracker/index.php?func=detail&aid=5553&group_id=1&atid=105 http://secunia.com/advisories/32217 http://www.securityfocus.com/bid/31674 https://exchange.xforce.ibmcloud.com/vulnerabilities/45811 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-2381
https://notcve.org/view.php?id=CVE-2008-2381
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable. Vulerabilidad de inyección SQL en la función create de common/include/GroupJoinRequest.class en Gforge v4.5 y v4.6 permite a atacantes remotos ejecutar comandos SQL de su elección a través de la variable comments. • http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&r1=4590&r2=6709 http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&view=log http://secunia.com/advisories/33229 http://secunia.com/advisories/33499 http://security-tracker.debian.net/tracker/CVE-2008-2381 http://www.securityfocus.com/bid/33086 http://www.securitytracker.com/id?1021510 http://www.vupen.com/english/advis • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-0173
https://notcve.org/view.php?id=CVE-2008-0173
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports. Vulnerabilidad de inyección SQL en Gforge 4.6.99 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través de parámetro no especificados, relacionado con la exportación de RSS. • http://secunia.com/advisories/28395 http://secunia.com/advisories/28451 http://www.debian.org/security/2008/dsa-1459 http://www.securityfocus.com/bid/27266 http://www.vupen.com/english/advisories/2008/0115 https://exchange.xforce.ibmcloud.com/vulnerabilities/39666 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2007-4966 – GForge < 4.6b2 - 'skill_delete' SQL Injection
https://notcve.org/view.php?id=CVE-2007-4966
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter. Vulnerabilidad de inyección SQL en www/people/editprofile.php de GForge 4.6b2 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro skill_delete[]. • https://www.exploit-db.com/exploits/4404 http://secunia.com/advisories/26803 http://www.portcullis.co.uk/179.php http://www.securityfocus.com/bid/25665 http://www.vupen.com/english/advisories/2007/3174 https://exchange.xforce.ibmcloud.com/vulnerabilities/48844 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •