Description
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| gforge | fixed | 4.6.99+svn6330-1 | | package |
Notes
This is exploitable by unauthenticated users.
Requires register_globals to be On, unsupported in lenny+sid.
In lenny+sid these scripts just don't work, so no security issue.
In etch+sarge we support gforge with rg On, unfortunately.