CVE-2008-6187

Gforge < 4.5.19 - SQL Injection via release_id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6187. PoCs published by beford.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in Gforge <= 4.5.19 by injecting malicious SQL queries into URL parameters like 'offset' and 'pub_sql'. It bypasses magic_quotes_gpc and extracts sensitive data such as user credentials and database version.

Description

SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by beford · textwebappsphp
https://www.exploit-db.com/exploits/6707

The exploit demonstrates SQL injection vulnerabilities in Gforge <= 4.5.19 by injecting malicious SQL queries into URL parameters like 'offset' and 'pub_sql'. It bypasses magic_quotes_gpc and extracts sensitive data such as user credentials and database version.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Gforge <= 4.5.19
No auth needed
Prerequisites: Access to the target Gforge instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32217
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31674
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45811
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6707

Scores

EPSS 0.0131
EPSS Percentile 66.9%

Details

CWE
CWE-89
Status published
Products (10)
gforge/gforge 3.0
gforge/gforge 3.1
gforge/gforge 3.2
gforge/gforge 3.3
gforge/gforge 3.21
gforge/gforge 4.5
gforge/gforge 4.5.11
gforge/gforge 4.5.14
gforge/gforge 4.5.16
gforge/gforge < 4.5.19
Published Feb 19, 2009
Tracked Since Feb 18, 2026