CVE-2018-7538

CRITICAL

Enalean Tuleap < 9.18 - SQL Injection

Title source: rule

Description

A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cristiano Maruti · textwebappsphp

https://www.exploit-db.com/exploits/44286

View Code ZIP pw:eip

References (4)

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Mar/20

[Exploit, Third Party Advisory] https://github.com/cmaruti/reports/blob/master/tuleap.pdf

[Issue Tracking, Patch, Vendor Advisory] https://tuleap.net/plugins/tracker/?aid=11192

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44286/

Scores

CVSS v3 9.8

EPSS 0.1199

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

enalean/tuleap < 9.18

Published Mar 12, 2018

Tracked Since Feb 18, 2026