CVE-2014-8791
43Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 15%
from disclosure to weapon13 days
Published on NVDDec 2
1st PoC+13d
metasploitNov 27
exploitation probability
15%top 4% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/129309/Tuleap-7.6-4-PHP-Object-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/35545unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.