22 matches found
EUVD-2026-2781
TestLink versions 1.16 through 1.19 contain an unauthenticated file download vulnerability in the attachmentdownload.php endpoint. Attackers can download arbitrary files by iterating file IDs through the 'id' parameter with 'skipCheck=1' to bypass access controls...
CVE-2022-35195
TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php...
CVE-2022-35196
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php...
CVE-2019-20381
TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491...
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...
CVE-2020-12274
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php gobackurl parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session...
EUVD-2014-7930
Malware in sbrugna...
EUVD-2018-19384
Malware in sbrugna...
EUVD-2022-38089
Malicious code in bioql PyPI...
EUVD-2022-38087
Malicious code in bioql PyPI...
EUVD-2022-38088
Malicious code in bioql PyPI...
CVE-2024-46097
TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplanid parameter to another ID. The application does not carry out a...
CVE-2024-42906
TestLink before v.1.9.20 is vulnerable to Cross-Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name...
CVE-2020-8841
An issue was discovered in TestLink 1.9.19. The relationtype parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection...
PT-2022-22627 · Testlink · Testlink
Name of the Vulnerable Software and Affected Versions: TestLink version 1.9.20. Description: A Cross-Site Request Forgery (CSRF) issue was found via the "/lib/plan/planView.php" API endpoint. Recommendations: For version 1.9.20, update to a newer version that contains a fix for this issue...
SQL injection
TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php...
TestLink has an unspecified vulnerability
TestLink is the TestLink team's set of open source software for managing the software testing process and providing statistical analysis. An unspecified vulnerability exists in TestLink. An attacker can exploit this vulnerability to obtain credentials in plaintext with the 'viewer' parameter of t...
TestLink urgency parameter SQL injection vulnerability
TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A SQL injection vulnerability exists in TestLink version 1.9.20. An attacker can exploit this vulnerability by executing arbitrary SQL commands in planUrgency.php with the...
TestLink File Upload Vulnerability
TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A file upload vulnerability exists in the keywordImport.php file in TestLink version 1.9.20. A remote attacker can exploit this vulnerability by uploading a file with an...
TestLink SQL Injection Vulnerability
TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A SQL injection vulnerability exists in TestLink version 1.9.19. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...