Skip to main content

Tuleap CVE-2014-7176

MEDIUM
SQL Injection (CWE-89)
2014-11-04 cve@mitre.org
6.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Nov 04, 2014 - 15:55 cve.org
MEDIUM 6.5

DescriptionCVE.org

SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.

AnalysisAI

SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.8%.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. Affected products include: Enalean Tuleap. Version information: before 7.5.99.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

More in Tuleap

View all
CVE-2017-7411 HIGH POC
8.8 Oct 30

An issue was discovered in Enalean Tuleap 9.6 and prior versions. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2014-8791 MEDIUM POC
6.0 Dec 02

project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated

CVE-2014-7178 CRITICAL POC
9.3 Nov 28

Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is

CVE-2017-7981 HIGH POC
8.8 Apr 29

Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. Rated high severity (CVSS 8.

CVE-2018-7538 CRITICAL POC
9.8 Mar 12

A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 a

CVE-2018-7634 HIGH POC
8.8 Mar 01

An issue was discovered in Enalean Tuleap 9.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitab

CVE-2021-41147 HIGH POC
7.2 Oct 15

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Rate

CVE-2014-7177 MEDIUM POC
4.0 Oct 31

XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary

CVE-2018-17298 CRITICAL
9.8 Sep 21

An issue was discovered in Enalean Tuleap before 10.5. Rated critical severity (CVSS 9.8), this vulnerability is remotel

CVE-2024-46988 MEDIUM POC
5.7 Oct 14

Tuleap is a tool for end to end traceability of application and system developments. Rated medium severity (CVSS 5.7), t

CVE-2024-52599 MEDIUM POC
5.4 Dec 09

Tuleap is an open source suite to improve management of software developments and collaboration. Rated medium severity (

CVE-2022-39233 MEDIUM POC
5.4 Oct 19

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. Rated medium seve

Share

CVE-2014-7176 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy