Gforge : Security Vulnerabilities, CVEs, CVSS score >= 5
GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring.
Max CVSS
6.1
EPSS Score
0.09%
Published
2019-03-25
Updated
2019-03-26
SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-11-24
Updated
2009-11-24
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-02-19
Updated
2017-08-17
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-02-19
Updated
2017-10-19
SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter.
Max CVSS
7.5
EPSS Score
0.27%
Published
2009-02-19
Updated
2017-10-19
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.
Max CVSS
7.5
EPSS Score
0.39%
Published
2009-01-02
Updated
2017-08-08
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.
Max CVSS
7.5
EPSS Score
0.38%
Published
2008-01-15
Updated
2017-08-08
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.
Max CVSS
6.8
EPSS Score
0.49%
Published
2007-09-18
Updated
2017-10-19
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.16%
Published
2007-09-06
Updated
2017-07-29
Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/.
Max CVSS
7.5
EPSS Score
4.81%
Published
2007-04-26
Updated
2017-10-11
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.
Max CVSS
6.8
EPSS Score
1.57%
Published
2007-05-29
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
Max CVSS
6.8
EPSS Score
9.42%
Published
2007-01-11
Updated
2018-10-16
The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb).
Max CVSS
5.0
EPSS Score
0.27%
Published
2005-08-03
Updated
2016-10-18
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter.
Max CVSS
6.4
EPSS Score
1.81%
Published
2005-12-31
Updated
2016-10-18
Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the (1) dir parameter to controller.php or (2) dir_name parameter to controlleroo.php.
Max CVSS
5.0
EPSS Score
0.36%
Published
2005-05-02
Updated
2017-07-11
15 vulnerabilities found