Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
testlink testlink vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2018-7466
install/installNewDB.php in TestLink up to and including 1.9.16 allows remote malicious users to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
Testlink Testlink
2 EDB exploits
5
CVSSv2
CVE-2018-7668
TestLink up to and including 1.9.16 allows remote malicious users to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.
Testlink Testlink
10
CVSSv2
CVE-2007-6006
TestLink prior to 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
Testlink Testlink
6.5
CVSSv2
CVE-2019-20107
Multiple SQL injection vulnerabilities in TestLink up to and including 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requireme...
Testlink Testlink
4.3
CVSSv2
CVE-2019-20381
TestLink prior to 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491.
Testlink Testlink
NA
CVE-2023-50110
TestLink up to and including 1.9.20 allows type juggling for authentication bypass because === is not used.
Testlink Testlink
5
CVSSv2
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.
Testlink Testlink 1.9.20
7.5
CVSSv2
CVE-2020-8637
A SQL injection vulnerability in TestLink 1.9.20 allows malicious users to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.
Testlink Testlink 1.9.20
2 Github repositories
7.5
CVSSv2
CVE-2020-12274
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.
Testlink Testlink 1.9.20
NA
CVE-2022-35193
TestLink v1.9.20 exists to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.
Testlink Testlink 1.9.20
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »