Enalean Tuleap prior to 7.5.99.6 allows remote malicious users to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
Vulnerability title: Tuleap <= 74995 Remote Command Execution in Enalean Tuleap
CVE: CVE-2014-7178
Vendor: Enalean
Product: Tuleap
Affected version: 74995 and earlier
Fixed version: 75
Reported by: Jerzy Kramarz
Details:
Tuleap does not validate the syntax of the requests submitted to SVN handler pages in order to validate whether reque ...
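A defender-side check for the issue described above, as an added example that is not part of the original advisory or of Tuleap's code: it scans web-server access logs in combined format for User-Agent values that carry shell syntax. The log lines, the `/svn-placeholder` path and the function names are constructed for illustration.

```python
import re

# Apache/nginx "combined" format: the User-Agent is the last quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" \d{3} \S+ '
    r'"(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)
# Shell syntax that browsers and SVN clients do not normally send (incl. logged \n, \x0a).
ALWAYS_SUSPICIOUS = re.compile(r'`|\$\(|\$\{|\||&|<|>|\\x0[ad]|\\n')
# Benign agents put ';' only inside "(...)" comments, so those are stripped first.
PAREN_COMMENT = re.compile(r'\([^()]*\)')

def suspicious_user_agent(ua):
    """Return the reason a User-Agent looks like shell input, or None."""
    hit = ALWAYS_SUSPICIOUS.search(ua)
    if hit:
        return "shell metacharacter %r" % hit.group(0)
    outside, n = ua, 1
    while n:  # repeat so nested comments are removed too
        outside, n = PAREN_COMMENT.subn("", outside)
    if ";" in outside:
        return "';' outside a parenthesised comment"
    if "(" in outside or ")" in outside:
        return "unbalanced parenthesis"
    return None

def scan(lines):
    """Return (client_ip, request, reason) for every flagged log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not combined format: skipped, not judged
        reason = suspicious_user_agent(m.group("ua"))
        if reason:
            findings.append((m.group("ip"), m.group("req"), reason))
    return findings

# Constructed sample log lines (documentation IPs, placeholder path and payloads).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2015:10:00:00 +0000] "GET /svn-placeholder HTTP/1.1" 200 512 "-" "SVN/1.8.10 (x86_64-pc-linux-gnu) serf/1.3.7"',
    '192.0.2.11 - - [01/Jan/2015:10:00:05 +0000] "GET /svn-placeholder HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/31.0"',
    '192.0.2.66 - - [01/Jan/2015:10:01:00 +0000] "GET /svn-placeholder HTTP/1.1" 200 0 "-" "SVN/1.8.10 $(PLACEHOLDER)"',
    '192.0.2.66 - - [01/Jan/2015:10:01:02 +0000] "GET /svn-placeholder HTTP/1.1" 200 0 "-" "SVN/1.8.10; PLACEHOLDER"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A hit is a lead for review, not proof of compromise; pair it with the upgrade to the fixed version listed above.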