2 matches found
CVE-2008-6188
CVE-2008-6188 affects GForge 4.6 rc1 and earlier. The SQL injection exists in people/editprofile.php via the skill_edit[] parameter, enabling remote attackers to inject arbitrary SQL. Connected sources confirm the affected software and input vector; no vendor patch is provided in the documents, s...
Gforge <= 4.6 rc1 (skill_edit) SQL Injection Vulnerability
No description provided by source. Gforge = 4.6 rc1 skilledit SQL injection Vendor Notified: 2008-10-06 Impact: zomg! Note: should work regardless magicquotesgpc setting. Requires: Creating an account and be logged in Vulnerable function: handlemultiedit$skillids on /www/people/skillsutils.php...