Lucene search

[email protected]CVE-2008-2381

HistoryJan 02, 2009 - 7:30 p.m.

CVE-2008-2381

2009-01-0219:30:00

CWE-89

[email protected]

web.nvd.nist.gov

security

vulnerability

sql injection

gforge 4.5

gforge 4.6

cve-2008-2381

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.4%

JSON

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.

Affected configurations

NVD

Node

gforgegforgeMatch4.5

gforgegforgeMatch4.6

CPENameOperatorVersion
gforge:gforgegforgeeq4.5
gforge:gforgegforgeeq4.6

CPE	Name	Operator	Version
gforge:gforge	gforge	eq	4.5
gforge:gforge	gforge	eq	4.6

References

gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&r1=4590&r2=6709

gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&view=log

secunia.com/advisories/33229

secunia.com/advisories/33499

security-tracker.debian.net/tracker/CVE-2008-2381

www.securityfocus.com/bid/33086

www.securitytracker.com/id?1021510

www.vupen.com/english/advisories/2009/0004

exchange.xforce.ibmcloud.com/vulnerabilities/47703

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.4%

JSON

Related for CVE-2008-2381

cvelist1 seebug1 nessus1 ubuntucve1 openvas2 debian1 prion1 nvd1