← back
CVE-2017-7981

CVE-2017-7981

EPSS 16.1%
Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by a '<?plugin SyntaxHighlighter syntax="c;id"' line to execute the id command.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/41953/unverifiedexploitdbwww.exploit-db.com/exploits/41953unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/xdrr/vulnerability-research/blob/master/webapp/tuleap/2017.04.tuleap-auth-ci.mdhttps://tuleap.net/file/shownotes.php?release_id=137#/linked-artifactshttps://tuleap.net/plugins/tracker/?aid=10159https://www.exploit-db.com/exploits/41953/