CVE-2008-6188

Published: 19/02/2009 Updated: 19/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the skill_edit[] parameter.

Vulnerable Product

gforge gforge 4.6_b2

gforge gforge 4.5.16

gforge gforge 4.5.19

gforge gforge

gforge gforge 3.0

gforge gforge 3.21

gforge gforge 3.3

gforge gforge 3.1

gforge gforge 3.2

gforge gforge 4.5

gforge gforge 4.5.11

gforge gforge 4.5.14

gforge gforge 4.6

Exploits

Gforge <= 4.6 rc1 skill_edit SQL injection
Vendor Notified: 2008-10-06
Impact: zomg!
Note: should work regardless of the magic_quotes_gpc setting
Requires: Creating an account and being logged in
Vulnerable function: handle_multi_edit($skill_ids) on /www/people/skills_utils.php
gforgesite/people/editprofile.php?skill_edit[]=1);select+1,2,3,ver ...