CVE-2020-8841

2020-02-1021:56:10

Google

osv.dev

7.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.3%

JSON

An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection.

CPENameOperatorVersion
testlink-codeeq1.9.11
testlink-codeeq1.9.14
testlink-codeeq1.9.15
testlink-codeeq1.9.18
testlink-codeeq1.9.10
testlink-codeeq1.9.13
testlink-codeeqDevBeforeSmartyWIthComposer
testlink-codeeq1.9.5
testlink-codeeq1.9.6
testlink-codeeq1.9.3

Name	Operator	Version
testlink-code	eq	1.9.11
testlink-code	eq	1.9.14
testlink-code	eq	1.9.15
testlink-code	eq	1.9.18
testlink-code	eq	1.9.10
testlink-code	eq	1.9.13
testlink-code	eq	DevBeforeSmartyWIthComposer
testlink-code	eq	1.9.5
testlink-code	eq	1.9.6
testlink-code	eq	1.9.3