CVE-2018-7538

CRITICAL

Tuleap < 9.18 - SQL Injection in Tracker Functionality

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-7538. PoCs published by Cristiano Maruti.

AI-analyzed exploit summary: This is a working proof-of-concept for a time-based blind SQL injection vulnerability in Tuleap's tracker functionality. The exploit demonstrates a delay-based payload injected into the 'criteria[499][values][]' parameter, confirming the vulnerability.

Description

A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.

Exploits (1)

exploitdb · working PoC · verified
by Cristiano Maruti · text · webapps · php
https://www.exploit-db.com/exploits/44286

Classification: Working PoC (100%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Tuleap version 9.17.99.189
Auth required
Prerequisites: Access to a vulnerable Tuleap instance · Valid session cookie (authentication may be required depending on project visibility)
Analyzed by devstral-2 on Feb 16, 2026

References (4)

Core References (4)
- http://seclists.org/fulldisclosure/2018/Mar/20 (Exploit, Mailing List, Third Party Advisory; mailing-list; x_refsource_fulldisc)
- https://tuleap.net/plugins/tracker/?aid=11192 (Issue Tracking, Patch, Vendor Advisory; x_refsource_confirm)
- https://www.exploit-db.com/exploits/44286/ (Exploit, Third Party Advisory, VDB Entry; exploit; x_refsource_exploit-db)

Scores

CVSS v3: 9.8
EPSS: 0.0446
EPSS Percentile: 90.2%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (1): enalean/tuleap < 9.18
Published: Mar 12, 2018
Tracked Since: Feb 18, 2026