Add requirement to description

jvazquez-r7 · jvazquez-r7 · commit d01a07b1c737 · 2014-12-12T11:42:45.000-06:00
diff --git a/modules/exploits/unix/webapp/tuleap_unserialize_exec.rb b/modules/exploits/unix/webapp/tuleap_unserialize_exec.rb
@@ -19,7 +19,8 @@ def initialize(info = {})
         web server. The dangerous unserialize() call exists in the 'src/www/project/register.php'
         file. The exploit abuses the destructor method from the Jabbex class in order to reach a
         call_user_func_array() call in the Jabbex class and call the fetchPostActions() method from
-        the Transition_PostAction_FieldFactory class to execute PHP code through an eval() call.
+        the Transition_PostAction_FieldFactory class to execute PHP code through an eval() call. In
+        order to work, the target must have the 'sys_create_project_in_one_step' option disabled.
       },
       'License'        => MSF_LICENSE,
       'Author'         => 'EgiX',
