CVE-2012-0939

2014-08-1414:55:04

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.003

Percentile

70.0%

JSON

Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

testlinktestlinkMatch1.8.5b

testlinktestlinkMatch1.9.3

VendorProductVersionCPE
testlinktestlink1.8.5bcpe:2.3:a:testlink:testlink:1.8.5b:*:*:*:*:*:*:*
testlinktestlink1.9.3cpe:2.3:a:testlink:testlink:1.9.3:*:*:*:*:*:*:*