CVE-2014-8791

project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:enalean:tuleap:7.6:*:*:*:*:*:*:*

Information

Published : 2014-12-01 17:59

Updated : 2018-10-09 12:54


NVD link : CVE-2014-8791

Mitre link : CVE-2014-8791


JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa

Products Affected

enalean

  • tuleap