First published: Tue Dec 02 2014(Updated: )
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Enalean Tuleap | =7.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.