cpe:/a:gforge:gforge:4.5 cpe:/a:gforge:gforge:4.6 CVE-2008-2381 2009-01-02T14:30:00.343-05:00 2017-08-07T21:31:00.013-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-05T09:54:00.000-05:00 ALLOWS_OTHER_ACCESS SECTRACK 1021510 BID 33086 SECUNIA 33229 SECUNIA 33499 VUPEN ADV-2009-0004 XF gforge-create-sql-injection(47703) CONFIRM http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&r1=4590&r2=6709 CONFIRM http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/common/include/GroupJoinRequest.class?root=gforge&view=log CONFIRM http://security-tracker.debian.net/tracker/CVE-2008-2381 SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.