Lucene search

CVE-2020-8637

🗓️ 03 Apr 2020 19:13:15Reported by mitreType

cve🔗 web.nvd.nist.gov👁 94 Views🌐 WEB

SQL injection vulnerability in TestLink 1.9.20, allows execution of arbitrary SQL commands

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
Prion	Sql injection	3 Apr 202019:15	–	prion
GithubExploit	Exploit for SQL Injection in Testlink	15 Feb 202106:38	–	githubexploit
NVD	CVE-2020-8637	3 Apr 202019:15	–	nvd
Cvelist	CVE-2020-8637	3 Apr 202018:36	–	cvelist
OSV	CVE-2020-8637	3 Apr 202019:15	–	osv
OpenVAS	TestLink <= 1.9.20 Multiple Vulnerabilities	7 Apr 202000:00	–	openvas

Nvd

Node

testlink testlinkMatch1.9.20

Source	Link
github	www.github.com/TestLinkOpenSourceTRMS/testlink-code/commit/d99bd8277d384f3417e917ce20bef5d061110343
ackcent	www.ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/

Parameter	Position	Path	Description	CWE
node_id	query param	/dragdroptreenodes.php	A SQL injection vulnerability allows attackers to execute arbitrary SQL commands via the node_id parameter.	CWE-89

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 Apr 2020 19:15Current

9.9High risk

Vulners AI Score9.9

CVSS27.5

CVSS39.8

EPSS0.0841

CWE-89