Tuleap Security Vulnerabilities and Issues — Tuleap CVE List

Lucene search

EnaleanTuleap

4 matches found

CVE•added 2018/03/12 9:29 p.m.•51 views

CVE-2018-7538

A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.

9.8CVSS9.8AI score0.12539EPSS

CVE•added 2017/04/29 4:59 p.m.•50 views

CVE-2017-7981

Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this v...

9CVSS8.8AI score0.25734EPSS

CVE•added 2014/11/28 3:59 p.m.•37 views

CVE-2014-7178

Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.

9.3CVSS7.8AI score0.10014EPSS

CVE•added 2018/09/21 7:29 a.m.•29 views

CVE-2018-17298

An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.

9.8CVSS9.4AI score0.00399EPSS