Gforge <= 4.6 rc1 (skill_edit) SQL Injection Vulnerability

No description provided by source. Gforge = 4.6 rc1 skilledit SQL injection Vendor Notified: 2008-10-06 Impact: zomg! Note: should work regardless magicquotesgpc setting. Requires: Creating an account and be logged in Vulnerable function: handlemultiedit$skillids on /www/people/skillsutils.php...

CVE-2008-6188

SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skilledit parameter...