Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Enalean Tuleap 安全漏洞
Vulnerability Description
Enalean Tuleap是法国Enalean公司的一套开源的软件开发和项目管理工具。该工具提供企业应用程序生命周期管理,以及项目跟踪、源代码管理和团队协作等功能。 Enalean Tuleap 9.6及之前的版本中存在安全漏洞。攻击者可利用该漏洞注入任意的PHP对象,进一步实施多种攻击(不仅限于远程代码执行)。
CVSS Information
N/A
Vulnerability Type
N/A