4 matches found
Remote code execution
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...
CVE-2017-7411
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...
CVE-2017-7411
Summary (CVE-2017-7411): Enalean Tuleap ≤ 9.6 is vulnerable due to User::getRecentElements() using unserialize() with data manipulable via the REST API, enabling injection of arbitrary PHP objects into the app scope and potential Remote Code Execution. Public material describes a second-order PHP...
CVE-2017-7411
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...