← back
CVE-2014-8791

CVE-2014-8791

43Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 15%
from disclosure to weapon13 days
Published on NVDDec 2
1st PoC+13d
metasploitNov 27
exploitation probability
15%top 4% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.