Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2381

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2381
Last Modified 26 Feb 2009 01:53:46
Published 02 Jan 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2381

Summary

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.

Vulnerable Systems

Application

  • Gforge 4.5

  • Gforge 4.6


References

XF - gforge-create-sql-injection(47703)

VUPEN - ADV-2009-0004

SECTRACK - 1021510

BID - 33086

CONFIRM - http://security-tracker.debian.net/tracker/CVE-2008-2381

SECUNIA - 33499

SECUNIA - 33229

CONFIRM - http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&view=log

CONFIRM - http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&r1=4590&r2=6709


Last Updated: 27 May 2016 10:47:50