Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
testlink vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-7391
Multiple cross-site scripting (XSS) vulnerabilities in TestLink prior to 1.9.14 allow remote malicious users to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) contain...
Testlink Testlink
6
CVSSv2
CVE-2018-7466
install/installNewDB.php in TestLink up to and including 1.9.16 allows remote malicious users to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
Testlink Testlink
2 EDB exploits
5
CVSSv2
CVE-2018-7668
TestLink up to and including 1.9.16 allows remote malicious users to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.
Testlink Testlink
NA
CVE-2023-50110
TestLink up to and including 1.9.20 allows type juggling for authentication bypass because === is not used.
Testlink Testlink
7.5
CVSSv2
CVE-2014-8081
lib/execute/execSetResults.php in TestLink prior to 1.9.13 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter.
Testlink Testlink
5
CVSSv2
CVE-2014-8082
lib/functions/database.class.php in TestLink prior to 1.9.13 allows remote malicious users to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.
Testlink Testlink
NA
CVE-2022-35195
TestLink 1.9.20 Raijin exists to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php
Testlink Testlink 1.9.20
NA
CVE-2022-35194
TestLink v1.9.20 exists to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.
Testlink Testlink 1.9.20
4.3
CVSSv2
CVE-2019-19491
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.
Testlink Testlink 1.9.19
7.5
CVSSv2
CVE-2020-8638
A SQL injection vulnerability in TestLink 1.9.20 allows malicious users to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.
Testlink Testlink 1.9.20
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »