Published: 25/02/2018 Updated: 05/03/2019

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 610

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

install/installNewDB.php in TestLink up to and including 1.9.16 allows remote malicious users to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.

Vulnerable Product	Search on Vulmon	Subscribe to Product
testlink testlink

# Title: TestLink Open Source Test Management(<= 1916) Remote Code Execution By Manish (error1046) Vendor Home Page: testlinkorg Disovered At: Indishell Lab CVE ID: CVE-2018-7466 /////////// //OverView /////////// Testlink (Version Below 1917) is vulnerable to Remote Code Execution Vulnerable code is in file "install/installNewD ...

TestLink Open Source Test Management versions prior to 1916 suffer from a remote code execution vulnerability ...

TestLink Open Source Test Management versions prior to 1916 remote proof of concept code execution exploit ...

CWE-94 https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9696012eecbafb0aa21cc346234512c29b474679 https://www.exploit-db.com/exploits/44226/https://www.exploit-db.com/exploits/44349/https://nvd.nist.gov https://www.exploit-db.com/exploits/44349/

CVE-2018-7466

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect