CVE-2014-8791

Name of the Vulnerable Software and Affected Versions Tuleap versions prior to 7.7

Description The issue allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter in the project/register.php file when sys create project in one step is disabled.

Recommendations For versions prior to 7.7, update to version 7.7 or later to resolve the issue. As a temporary workaround, consider enabling sys create project in one step to minimize the risk of exploitation.