SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-11-24
Updated
2009-11-24
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-02-19
Updated
2017-08-17
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-02-19
Updated
2017-10-19
SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter.
Max CVSS
7.5
EPSS Score
0.27%
Published
2009-02-19
Updated
2017-10-19
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.
Max CVSS
7.5
EPSS Score
0.39%
Published
2009-01-02
Updated
2017-08-08
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.
Max CVSS
7.5
EPSS Score
0.38%
Published
2008-01-15
Updated
2017-08-08
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.
Max CVSS
6.8
EPSS Score
0.49%
Published
2007-09-18
Updated
2017-10-19
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.16%
Published
2007-09-06
Updated
2017-07-29
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.
Max CVSS
6.8
EPSS Score
1.58%
Published
2007-05-29
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
Max CVSS
6.8
EPSS Score
12.57%
Published
2007-01-11
Updated
2018-10-16
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter.
Max CVSS
6.4
EPSS Score
1.81%
Published
2005-12-31
Updated
2016-10-18
11 vulnerabilities found