CVEブラウザに戻る

CVE-2018-7538

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0280%

EPSS Percentile36.89th

Published2018年3月12日

Last Modified2024年11月21日

Vulnerability Description

A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.

Affected Platforms (CPE)

📦

Enalean

Tuleap

< 9.18

References & Advisories

🔗 http://seclists.org/fulldisclosure/2018/Mar/20

🔗 https://github.com/cmaruti/reports/blob/master/tuleap.pdf

🔗 https://tuleap.net/plugins/tracker/?aid=11192

🔗 https://www.exploit-db.com/exploits/44286/

🔗 http://seclists.org/fulldisclosure/2018/Mar/20

🔗 https://github.com/cmaruti/reports/blob/master/tuleap.pdf

🔗 https://tuleap.net/plugins/tracker/?aid=11192

🔗 https://www.exploit-db.com/exploits/44286/

関連する脆弱性情報

CVE-2018-172989.8

An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.

CVE-2014-71789.3

Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided ...

CVE-2018-76348.8

An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible ...

CVE-2017-74118.8

An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() m...