CVE-2020-12274

2020-04-2713:15:12

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.7%

JSON

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.

CPENameOperatorVersion
testlink-codeeq1.9.11
testlink-codeeq1.9.14
testlink-codeeq1.9.15
testlink-codeeq1.9.18
testlink-codeeq1.9.10
testlink-codeeq1.9.13
testlink-codeeqDevBeforeSmartyWIthComposer
testlink-codeeq1.9.5
testlink-codeeq1.9.20
testlink-codeeq1.9.6

Name	Operator	Version
testlink-code	eq	1.9.11
testlink-code	eq	1.9.14
testlink-code	eq	1.9.15
testlink-code	eq	1.9.18
testlink-code	eq	1.9.10
testlink-code	eq	1.9.13
testlink-code	eq	DevBeforeSmartyWIthComposer
testlink-code	eq	1.9.5
testlink-code	eq	1.9.20
testlink-code	eq	1.9.6