CVE-2008-0173

NameCVE-2008-0173
DescriptionSQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1459-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gforgesourcesarge3.1-31sarge5DSA-1459-1
gforgesourceetch4.5.14-22etch4DSA-1459-1
gforgesource(unstable)4.6.99+svn6330-1medium

Notes

this is exploitable by unauthenticated users
Requires register_globals to be On, unsupported in lenny+sid.
In lenny+sid these scripts just don't work, so no security issue.
In etch+sarge we support gforge with rg On, unfortunately.
Search for package or bug name: Reporting problems