Vulnerabilities > Gforge > Gforge > 4.6

DATE CVE VULNERABILITY TITLE RISK
2009-02-19 CVE-2008-6188 SQL Injection vulnerability in Gforge
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.
network
low complexity
gforge CWE-89
7.5
2009-01-02 CVE-2008-2381 SQL Injection vulnerability in Gforge 4.5/4.6
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.
network
low complexity
gforge CWE-89
7.5