Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.