Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
testlink vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-7466
install/installNewDB.php in TestLink up to and including 1.9.16 allows remote malicious users to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
Testlink Testlink
2 EDB exploits
7.5
CVSSv3
CVE-2018-7668
TestLink up to and including 1.9.16 allows remote malicious users to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.
Testlink Testlink
NA
CVE-2007-6006
TestLink prior to 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
Testlink Testlink
8.8
CVSSv3
CVE-2019-20107
Multiple SQL injection vulnerabilities in TestLink up to and including 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requireme...
Testlink Testlink
6.1
CVSSv3
CVE-2019-20381
TestLink prior to 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491.
Testlink Testlink
7.5
CVSSv3
CVE-2023-50110
TestLink up to and including 1.9.20 allows type juggling for authentication bypass because === is not used.
Testlink Testlink
7.5
CVSSv3
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.
Testlink Testlink 1.9.20
9.8
CVSSv3
CVE-2020-8637
A SQL injection vulnerability in TestLink 1.9.20 allows malicious users to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.
Testlink Testlink 1.9.20
2 Github repositories
9.8
CVSSv3
CVE-2020-12274
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.
Testlink Testlink 1.9.20
7.2
CVSSv3
CVE-2022-35193
TestLink v1.9.20 exists to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.
Testlink Testlink 1.9.20
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »