CVE-2008-2381

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.

Link	Resource
http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&view=log
http://security-tracker.debian.net/tracker/CVE-2008-2381
http://secunia.com/advisories/33229	Vendor Advisory
http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&r1=4590&r2=6709
http://secunia.com/advisories/33499
http://www.securityfocus.com/bid/33086
http://www.securitytracker.com/id?1021510
http://www.vupen.com/english/advisories/2009/0004
https://exchange.xforce.ibmcloud.com/vulnerabilities/47703

Configuration 1

cpe:2.3:a:gforge:gforge:4.5:*:*:*:*:*:*:* cpe:2.3:a:gforge:gforge:4.6:*:*:*:*:*:*:*

---

Published : 2009-01-02 07:30

Updated : 2017-08-08 01:31

---

NVD link : CVE-2008-2381

Mitre link : CVE-2008-2381

No products.

CWE-89