CVE-2017-7981

Published: 29/04/2017 Updated: 03/10/2019
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 905
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Tuleap prior to 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki prior to 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by a '<?plugin SyntaxHighlighter syntax="c;id"' line to execute the id command.
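The pattern the summary describes, as an added example (not PhpWiki's or Tuleap's own code): a user-controlled syntax value concatenated into a proc_open command string, next to a hardened form that allowlists the value and passes an argv array so no shell is involved. The HIGHLIGHT_EXE path, its flags and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: path and flags of the external highlighter; adjust to the tool in use.
const HIGHLIGHT_EXE = '/usr/bin/highlight';

// Vulnerable pattern (built for contrast, never executed here): the plugin
// argument is concatenated into a string that proc_open() would hand to a shell.
function vulnerable_command(string $syntax): string
{
    return HIGHLIGHT_EXE . ' -f -S ' . $syntax;
}

// Hardened pattern: allowlist the value, then return an argv array.
// proc_open() with an array (PHP >= 7.4) starts the program without a shell.
function safe_command(string $syntax): array
{
    if (preg_match('/\A[A-Za-z0-9_+#]{1,32}\z/', $syntax) !== 1) {
        throw new InvalidArgumentException('rejected syntax value');
    }
    return [HIGHLIGHT_EXE, '--fragment', '--syntax=' . $syntax];
}

// Sized for wiki snippets: stdin is written fully before stdout is read.
function highlight(string $source, string $syntax): string
{
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(safe_command($syntax), $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start highlighter');
    }
    fwrite($pipes[0], $source);
    fclose($pipes[0]);
    $html = (string) stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $html;
}

// Constructed inputs: one ordinary value and the value quoted in the summary.
foreach (['c', 'c;id'] as $syntax) {
    echo 'shell string: ', vulnerable_command($syntax), PHP_EOL;
    try {
        echo 'argv: ', json_encode(safe_command($syntax), JSON_UNESCAPED_SLASHES), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'argv: ', $e->getMessage(), PHP_EOL;
    }
}
```

Either control alone closes this path; the allowlist additionally keeps unexpected values away from the highlighter's own option parsing.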

Vulnerable Product

enalean tuleap

phpwiki project phpwiki 1.3.10

Exploits

# Tuleap - Command Injection in Project Wiki

**CVE:** CVE-2017-7981
**CVSSv3:** 9.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C)
**Versions affected:** >= 83 and <= 969986

## Introduction

Tuleap is a Libre suite to plan, track, code and collaborate on software projects. Tuleap helps development teams to build awesome ...
Tuleap versions between 83 and 969986 suffer from a remote command injection vulnerability ...