testlink vulnerabilities and exploits
7.5
CVSSv3
CVE-2018-7466
install/installNewDB.php in TestLink up to and including 1.9.16 allows remote malicious users to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
Testlink Testlink
2 EDB exploits
9.8
CVSSv3
CVE-2015-7390
SQL injection vulnerability in TestLink prior to 1.9.14 allows remote malicious users to execute arbitrary SQL commands via the apikey parameter to lnl.php.
Testlink Testlink
6.1
CVSSv3
CVE-2015-7391
Multiple cross-site scripting (XSS) vulnerabilities in TestLink prior to 1.9.14 allow remote malicious users to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) contain...
Testlink Testlink
NA
CVE-2014-8082
lib/functions/database.class.php in TestLink prior to 1.9.13 allows remote malicious users to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.
Testlink Testlink
6.1
CVSSv3
CVE-2019-20381
TestLink prior to 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491.
Testlink Testlink
NA
CVE-2007-6006
TestLink prior to 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
Testlink Testlink
7.2
CVSSv3
CVE-2022-35193
TestLink v1.9.20 contains a SQL injection vulnerability via /lib/execute/execNavigator.php.
Testlink Testlink 1.9.20
5.4
CVSSv3
CVE-2022-35194
TestLink v1.9.20 contains a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.
Testlink Testlink 1.9.20
7.2
CVSSv3
CVE-2022-35195
TestLink 1.9.20 Raijin contains a broken access control vulnerability at /lib/attachments/attachmentdownload.php.
Testlink Testlink 1.9.20
8.8
CVSSv3
CVE-2022-35196
TestLink v1.9.20 contains a Cross-Site Request Forgery (CSRF) vulnerability via /lib/plan/planView.php.
Testlink Testlink 1.9.20