{"id":"CVE-2018-7538","details":"A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.","modified":"2026-04-10T04:12:49.756739Z","published":"2018-03-12T21:29:01.077Z","references":[{"type":"FIX","url":"https://tuleap.net/plugins/tracker/?aid=11192"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2018/Mar/20"},{"type":"EVIDENCE","url":"https://github.com/cmaruti/reports/blob/master/tuleap.pdf"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/44286/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/enalean/tuleap","events":[{"introduced":"0"},{"fixed":"0bc34a955911a624eac9c2f58f3cea635f0eea41"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"9.18"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7538.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}