Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and previous versions allow remote malicious users to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.

Vulnerable Product |
---|
teamst testlink 1.8 |
teamst testlink 1.7.4 |
teamst testlink 1.8.1 |
teamst testlink 1.7.3 |
teamst testlink 1.8.0 |
teamst testlink 1.8.2 |
teamst testlink 1.8.4 |
teamst testlink |
teamst testlink 1.7.2 |
teamst testlink 1.8.3 |
teamst testlink 1.7.0 |
teamst testlink 1.7.1 |
teamst testlink 1.7 |