CVE-2009-4238

2009-12-10T18:30:00
ID CVE-2009-4238
Type cve
Reporter NVD
Modified 2014-05-05T00:36:50

Description

Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.