331 matches found
CVE-2020-12273
CVE-2020-12273 affects TestLink 1.9.20, where a crafted login.php viewer parameter exposes cleartext credentials. The issue originates from the login.php viewer parameter and results in credential disclosure (cleartext) as described in multiple catalogs (NVD, Red Hat, CNVD, OSV, CVE lists). Impac...
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...
CVE-2020-12274
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php gobackurl parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session...
CVE-2020-12274
CVE-2020-12274 affects TestLink 1.9.20. The vulnerability is in lib/cfields/cfieldsExport.php where the goback_url parameter uses client input without proper constraining to lib/cfields/cfieldsView.php for the session site. This describes a security risk but the connected Red Hat/CVE sources do n...
TestLink node_id parameter SQL injection vulnerability
TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A SQL injection vulnerability exists in TestLink version 1.9.20. An attacker can exploit this vulnerability by executing arbitrary SQL commands in dragdroptreenodes.php with the...
TestLink urgenc parameter SQL injection vulnerability
TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A SQL injection vulnerability exists in TestLink version 1.9.20. An attacker can exploit this vulnerability by executing arbitrary SQL commands in planUrgency.php with the...
TestLink File Upload Vulnerability
TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A file upload vulnerability exists in the keywordImport.php file in TestLink version 1.9.20. A remote attacker can exploit this vulnerability by uploading a file with an...
CVE-2020-8638
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter...
CVE-2020-8637
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the nodeid parameter...
CVE-2020-8639
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system...
CVE-2020-8637
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the nodeid parameter...
CVE-2020-8639
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system...
CVE-2020-8638
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter...
Unrestricted file upload
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system...
Sql injection
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the nodeid parameter...
Sql injection
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter...
CVE-2020-8639
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system...
EUVD-2020-29487
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system...
CVE-2020-8639
CVE-2020-8639 affects TestLink 1.9.20 via an unrestricted file upload in the keywordsImport.php endpoint. According to the sources, an authenticated attacker can upload a file with an executable extension to a publicly accessible directory, enabling arbitrary code execution (e.g., PHP) on the ser...
CVE-2020-8638
CVE-2020-8638 applies to TestLink 1.9.20 and is triggered via the urgency parameter in planUrgency.php, enabling SQL injection. Concrete details across connected sources confirm the vulnerable software and the affected parameter, with CVSS data indicating high severity remotely exploitable withou...