Описание
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.
Комментарий
An attacker may require credentials to exploit this.
GForge's configuration setting $sys_use_people must be enabled. This may not be the default setting contingent upon the environment in which it is installed.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.6_b2 (включая)
cpe:2.3:a:gforge:gforge:*:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.01
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
debian
больше 18 лет назад
SQL injection vulnerability in www/people/editprofile.php in GForge 4. ...
github
почти 4 года назад
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.
EPSS
Процентиль: 76%
0.01
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-89