Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:4619
HistoryJan 06, 2009 - 12:00 a.m.

GForge GroupJoinRequest.class远程SQL注入漏洞

2009-01-0600:00:00
Root
www.seebug.org
12

0.004 Low

EPSS

Percentile

73.5%

JSON

BUGTRAQ ID: 33086
CVE(CAN) ID: CVE-2008-2381

GForge是用于管理软件开发周期的工具。

GForge的common/include/GroupJoinRequest.class文件中没有正确地验证对create()函数的输入,远程攻击者可以通过提交恶意的SQL查询请求注入并执行恶意代码。

GForge GForge 4.6
GForge GForge 4.5
GForge

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&amp;view=log” target=“_blank”>http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&amp;view=log</a>

Related

cvelist 1
cve 1
openvas 2
nessus 1
ubuntucve 1
debian 1
prion 1
nvd 1
cvelist
cvelist
CVE-2008-2381
2009-01-02 19:00:00
cve
cve
CVE-2008-2381
2009-01-02 19:30:00
openvas
openvas
Debian Security Advisory DSA 1698-1 (gforge)
2009-01-13 00:00:00
Debian: Security Advisory (DSA-1698-1)
2009-01-13 00:00:00
nessus
nessus
Debian DSA-1698-1 : gforge - insufficient input sanitising
2009-01-11 00:00:00
ubuntucve
ubuntucve
CVE-2008-2381
2009-01-02 00:00:00
debian
debian
[SECURITY] [DSA 1698-1] New gforge packages fix SQL injection
2009-01-09 08:02:46
prion
prion
Sql injection
2009-01-02 19:30:00
nvd
nvd
CVE-2008-2381
2009-01-02 19:30:00

0.004 Low

EPSS

Percentile

73.5%

JSON
Related for SSV:4619
cvelist1cve1openvas2nessus1ubuntucve1debian1prion1nvd1