CVE-2020-8637
SQL injection vulnerability in TestLink 1.9.20 allows execution of arbitrary SQL commands through the node_id parameter in dragdroptreenodes.php. Affected software: TestLink 1.9.20. Root cause: unsafely handled node_id parameter enabling SQL injection. Impact (per sources): high risk with potenti...