SQL injection vulnerability in TestLink prior to 1.9.14 allows remote malicious users to execute arbitrary SQL commands via the apikey parameter to lnl.php.
testlink testlink