It was discovered that GForge, a collaborative development tool, insufficiently sanitises some input allowing a remote attacker to perform SQL injection.