TestLink SQL Injection Vulnerability (CNVD-2016-01142)

Testlink is a PHP-based open source test management tools . A SQL injection vulnerability exists in TestLink. The vulnerability is caused by the "apikey" HTTP GET parameter failing to filter via the "lnl.php" PHP script. An unauthenticated remote attacker can inject and execute arbitrary SQL...