Every CVE whose affected-product data names Gforge, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2008-0173 — CVSS 7.5 (high): SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified…
CVE-2008-2381 — CVSS 7.5 (high): SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers…
CVE-2009-4070 — CVSS 7.5 (high): SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands…
CVE-2007-3913 — CVSS 7.5 (high): SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6189 — CVSS 7.5 (high): SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1)…
CVE-2008-6188 — CVSS 7.5 (high): SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL…
CVE-2008-6187 — CVSS 7.5 (high): SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via…
CVE-2007-0176 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web…
CVE-2007-0246 — CVSS 6.8 (medium): plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to…
CVE-2007-4966 — CVSS 6.8 (medium): SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL…
CVE-2005-1752 — CVSS 6.4 (medium): viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in…
CVE-2005-0299 — CVSS 5.0 (medium): Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the…
CVE-2005-2431 — CVSS 5.0 (medium): The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail…
CVE-2008-0167 — CVSS 4.6 (medium): The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then…
CVE-2007-3918 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or…
CVE-2009-3303 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject…
CVE-2009-4069 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject…
CVE-2005-2430 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1)…
CVE-2007-3921 — CVSS 3.3 (low): gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files.
CVE-2009-3304 — CVSS 3.3 (low): GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users'…