VYPR
High severity8.8NVD Advisory· Published Oct 30, 2017· Updated Jun 17, 2026

CVE-2017-7411

CVE-2017-7411

Description

An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • cpe:2.3:a:enalean:tuleap:*:*:*:*:*:*:*:*
    Range: <=9.6

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.