4 matches found
Tuleap PHP Unserialize Code Execution (CVE-2014-8791)
This module exploits a PHP object injection vulnerability. Tuelap could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. This could lead to execute PHP code on the server...
CVE-2014-8791
creationtimestamp| type| source ---|---|--- 2014-12-15 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/35545 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/tuleapunserializeexec.rb 2025-02-06 03:13:42+00:00|...
Tuleap PHP Unserialize Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Tuleap PHP Unserialize Code Execution', 'Description' = %q This module exploits a PHP object injection vulnerability in Tuelap...
CVE-2014-8791
CVE-2014-8791 affects Tuleap up to version 7.6-4. The vulnerability resides in the /src/www/project/register.php path where the data parameter is unserialized, allowing PHP object injection and potential arbitrary code execution when sys_create_project_in_one_step is disabled. The issue requires ...