Tuleap does not properly sanitize user input when constructing the SQL query used to browse and search commits in the legacy Subversion repositories.
An attacker with read access to a "SVN core" repository could execute arbitrary SQL queries.
CVSSv3.1 score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
The issue can be demonstrated in a repository with multiple commits by adding the `morder` GET parameter to the request and setting it to something like `revision LIMIT 1--`. Only one commit will be displayed instead of the complete list.
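The class of bug described above, shown as an added example that is not Tuleap's code: a commit listing whose sort column is taken verbatim from the request, beside a hardened version that maps the request value through an allow-list. The table name, columns and sample rows are constructed for the demonstration; the `morder` name and the `revision LIMIT 1--` value come from the advisory.

```python
import sqlite3

# Constructed sample commits for an in-memory database (hypothetical schema,
# not the real Tuleap one).
COMMITS = [
    (1, "alice", "initial import"),
    (2, "bob", "fix build"),
    (3, "alice", "add tests"),
]


def _connect():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE svn_commits (revision INTEGER, who TEXT, description TEXT)")
    conn.executemany("INSERT INTO svn_commits VALUES (?, ?, ?)", COMMITS)
    return conn


def browse_commits_vulnerable(morder):
    """Sort column interpolated straight from the request: an injection point.

    ORDER BY cannot be bound as a placeholder, which is why developers are
    tempted to concatenate it; a value such as 'revision LIMIT 1--' rewrites
    the rest of the statement.
    """
    conn = _connect()
    sql = f"SELECT revision, who, description FROM svn_commits ORDER BY {morder}"
    return conn.execute(sql).fetchall()


# Allow-list: request value -> exact column identifier used in the query.
ALLOWED_ORDER = {
    "revision": "revision",
    "who": "who",
    "description": "description",
}


def browse_commits_hardened(morder):
    """Only identifiers from the allow-list ever reach the SQL text."""
    column = ALLOWED_ORDER.get(morder)
    if column is None:
        raise ValueError("invalid sort column")
    conn = _connect()
    sql = f"SELECT revision, who, description FROM svn_commits ORDER BY {column}"
    return conn.execute(sql).fetchall()
```

With the payload from the advisory the vulnerable function returns a single row (the symptom the text describes), while the hardened one rejects the request before any SQL is built.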
OWASP SQL Injection