Vulnerabilities > Enalean > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-04-29 CVE-2017-7981 OS Command Injection vulnerability in multiple products
Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin.
network
low complexity
enalean phpwiki-project CWE-78
critical
9.0
2014-11-28 CVE-2014-7178 Improper Input Validation vulnerability in Enalean Tuleap
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
network
enalean CWE-20
critical
9.3