CVE-2008-2381

NameCVE-2008-2381
DescriptionSQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1698-1
NVD severityhigh (attack range: remote)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gforgesource(unstable)4.7~rc2-7high
gforgesourceetch4.5.14-22etch10highDSA-1698-1

Search for package or bug name: Reporting problems