SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2009-02-19
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.
CVSS Score
7.5
EPSS Score
0.011
Published
2009-01-02