Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by a '<?plugin SyntaxHighlighter syntax="c;id"' line to execute the id command.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Enalean Tuleap PhpWiki SyntaxHighlighter插件代码注入漏洞
Vulnerability Description
Enalean Tuleap是法国Enalean公司的一套开源的软件开发和项目管理工具。该工具提供企业应用程序生命周期管理,以及项目跟踪、源代码管理和团队协作等功能。PhpWiki是一套运行于PHP环境中的开源Wiki引擎程序。SyntaxHighlighter是其中的一个支持源代码高亮显示的插件。 Enalean Tuleap 9.7之前版本中使用的PhpWiki 1.3.10版本的SyntaxHighlighter插件存在命令注入漏洞。远程攻击者可利用该漏洞在服务器上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A