Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
CVSS Score
9.3
EPSS Score
0.1
Published
2014-11-28
SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.
CVSS Score
6.5
EPSS Score
0.109
Published
2014-11-04
XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
CVSS Score
4.0
EPSS Score
0.116
Published
2014-10-31
Page 5