This Metasploit module exploits a PHP object injection vulnerability in Tuleap <= 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() call is in the 'src/www/project/register.php' file. The exploit abuses the destructor method of the Jabbex class to reach a call_user_func_array() call in that same class, then uses it to call the fetchPostActions() method of the Transition_PostAction_FieldFactory class, which executes PHP code through an eval() call. For the exploit to work, the target must have the 'sys_create_project_in_one_step' option disabled.
5a33756ac6f164ee2fb059946d33588c9b36b6022e2d724e212c9716e418d54e
Tuleap versions 7.6-4 and below suffer from a PHP object injection vulnerability in register.php.
192dd00027ad64789b52484759c17f92a935cf687f895373607d3b900d19a1ad