Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories.
An attacker with read access to a CVS repository could execute arbitrary SQL queries.
CVSSv3.1 score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Issue can be demonstrated in a repo with multiple revisions by adding the morder GET parameter to the request and setting it to something revision LIMIT 1--. Only one revision will be displayed instead of the complete list.
OWASP SQL Injection