Published: 04/11/2014 Updated: 08/09/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 660

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

SQL injection vulnerability in Enalean Tuleap prior to 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.

Vulnerable Product	Search on Vulmon	Subscribe to Product
enalean tuleap

Enalean Tuleap versions 74995 and below suffer from a remote, authenticated blind SQL injection vulnerability ...

Vulnerability title: Tuleap <= 74995 Authenticated Blind SQL Injection in Enalean Tuleap CVE: CVE-2014-7176 Vendor: Enalean Product: Tuleap Affected version: 74995 and earlier Fixed version: 75 Reported by: Jerzy Kramarz Details: SQL injection has been found and confirmed within the software as an authenticated user A successful attack ...

Vulnerability title: Tuleap <= 72 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 72 and earlier Fixed version: 74995 Reported by: Jerzy Kramarz Details: A multiple XML External Entity Injection has been found and confirmed within the software as an authenticated user S ...

CWE-89 http://seclists.org/fulldisclosure/2014/Oct/119 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7176/http://packetstormsecurity.com/files/128875/Tuleap-7.4.99.5-Blind-SQL-Injection.html http://www.exploit-db.com/exploits/35098 http://www.securityfocus.com/bid/70773 https://www.tuleap.org/recent-vulnerabilities https://exchange.xforce.ibmcloud.com/vulnerabilities/98307 https://nvd.nist.gov https://packetstormsecurity.com/files/128875/Tuleap-7.4.99.5-Blind-SQL-Injection.html https://www.exploit-db.com/exploits/35098/

CVE-2014-7176

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect