Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks.