Arbitrary PHP Code Execution via PHP Object Injection in Tuleap Project Registration
CVE-2014-8791 · MEDIUM Severity
AV:N/AC:M/AU:S/C:P/I:P/A:P
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
Learn more about our User Device Pen Test.