Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
testlink testlink 1.9.20 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-35195
TestLink 1.9.20 Raijin exists to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php
Testlink Testlink 1.9.20
668
VMScore
CVE-2020-8638
A SQL injection vulnerability in TestLink 1.9.20 allows malicious users to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.
Testlink Testlink 1.9.20
445
VMScore
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.
Testlink Testlink 1.9.20
668
VMScore
CVE-2020-12274
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.
Testlink Testlink 1.9.20
NA
CVE-2022-35193
TestLink v1.9.20 exists to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.
Testlink Testlink 1.9.20
NA
CVE-2022-35194
TestLink v1.9.20 exists to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.
Testlink Testlink 1.9.20
NA
CVE-2022-35196
TestLink v1.9.20 exists to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
Testlink Testlink 1.9.20
578
VMScore
CVE-2020-8639
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated malicious user to upload a malicious file (containing PHP code...
Testlink Testlink 1.9.20
668
VMScore
CVE-2020-8637
A SQL injection vulnerability in TestLink 1.9.20 allows malicious users to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.
Testlink Testlink 1.9.20
2 Github repositories
NA
CVE-2023-50110
TestLink up to and including 1.9.20 allows type juggling for authentication bypass because === is not used.
Testlink Testlink
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »