Test ID:	1.3.6.1.4.1.25623.1.0.105952
Category:	Web application abuses
Title:	Gogs >= 0.3.1, < 0.5.8 Multiple Vulnerabilities
Summary:	Gogs is prone to multiple vulnerabilities.
Description:	Summary: Gogs is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2014-8681: SQL injection vulnerability in the GetIssues function in models/issue.go. - CVE-2014-8682: Multiple SQL injection vulnerabilities in the q parameter of api/v1/repos/search, which is not properly handled in models/repo.go and in api/v1/users/search, which is not properly handled in models/user.go. - CVE-2014-8683: Cross-site scripting (XSS) vulnerability in models/issue.go. Vulnerability Impact: Unauthenticated attackers can exploit these vulnerabilities to perform an XSS attack or execute arbitrary SQL commands which may lead to a complete compromise of the database. Affected Software/OS: Gogs versions starting with 0.3.1 and prior to 0.5.8. Solution: Update to version 0.5.8 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8681 http://www.exploit-db.com/exploits/35237 http://seclists.org/fulldisclosure/2014/Nov/31 http://packetstormsecurity.com/files/129116/Gogs-Label-Search-Blind-SQL-Injection.html XForce ISS Database: gogs-cve20148681-sql-injection(98695) https://exchange.xforce.ibmcloud.com/vulnerabilities/98695 Common Vulnerability Exposure (CVE) ID: CVE-2014-8682 BugTraq ID: 71187 http://www.securityfocus.com/bid/71187 Bugtraq: 20141114 CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs (Google Search) http://www.securityfocus.com/archive/1/533995/100/0/threaded http://www.exploit-db.com/exploits/35238 http://seclists.org/fulldisclosure/2014/Nov/33 http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html XForce ISS Database: gogs-cve20148682-sql-injection(98694) https://exchange.xforce.ibmcloud.com/vulnerabilities/98694 Common Vulnerability Exposure (CVE) ID: CVE-2014-8683 Bugtraq: 20141114 CVE-2014-8683 XSS in Gogs Markdown Renderer (Google Search) http://www.securityfocus.com/archive/1/533996/100/0/threaded http://seclists.org/fulldisclosure/2014/Nov/34 http://packetstormsecurity.com/files/129118/Gogs-Markdown-Renderer-Cross-Site-Scripting.html XForce ISS Database: gogs-cve20148683-xss(98693) https://exchange.xforce.ibmcloud.com/vulnerabilities/98693
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.