Lucene search

PRIOn knowledge basePRION:CVE-2008-2381

HistoryJan 02, 2009 - 7:30 p.m.

Sql injection

2009-01-0219:30:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.5%

JSON

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.

CPENameOperatorVersion
gforgeeq4.5
gforgeeq4.6

CPE	Name	Operator	Version
	gforge	eq	4.5
	gforge	eq	4.6

References

gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&r1=4590&r2=6709

gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&view=log

secunia.com/advisories/33229

secunia.com/advisories/33499

security-tracker.debian.net/tracker/CVE-2008-2381

www.securityfocus.com/bid/33086

www.securitytracker.com/id?1021510

www.vupen.com/english/advisories/2009/0004

exchange.xforce.ibmcloud.com/vulnerabilities/47703