Lucene search
K

331 matches found

CVE
CVE
added 2020/04/27 12:35 p.m.45 views

CVE-2020-12273

CVE-2020-12273 affects TestLink 1.9.20, where a crafted login.php viewer parameter exposes cleartext credentials. The issue originates from the login.php viewer parameter and results in credential disclosure (cleartext) as described in multiple catalogs (NVD, Red Hat, CNVD, OSV, CVE lists). Impac...

7.5CVSS7.5AI score0.00753EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/04/27 12:35 p.m.18 views

CVE-2020-12273

In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...

8AI score0.00753EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/04/27 12:34 p.m.21 views

CVE-2020-12274

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php gobackurl parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session...

9.5AI score0.01227EPSS
Exploits0References2
CVE
CVE
added 2020/04/27 12:34 p.m.46 views

CVE-2020-12274

CVE-2020-12274 affects TestLink 1.9.20. The vulnerability is in lib/cfields/cfieldsExport.php where the goback_url parameter uses client input without proper constraining to lib/cfields/cfieldsView.php for the session site. This describes a security risk but the connected Red Hat/CVE sources do n...

9.8CVSS9.4AI score0.01227EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/04/07 12:0 a.m.3 views

TestLink node_id parameter SQL injection vulnerability

TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A SQL injection vulnerability exists in TestLink version 1.9.20. An attacker can exploit this vulnerability by executing arbitrary SQL commands in dragdroptreenodes.php with the...

9.8CVSS8.2AI score0.02935EPSS
Exploits1References1
CNVD
CNVD
added 2020/04/07 12:0 a.m.2 views

TestLink urgenc parameter SQL injection vulnerability

TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A SQL injection vulnerability exists in TestLink version 1.9.20. An attacker can exploit this vulnerability by executing arbitrary SQL commands in planUrgency.php with the...

9.8CVSS8.2AI score0.01698EPSS
Exploits1References1
CNVD
CNVD
added 2020/04/07 12:0 a.m.2 views

TestLink File Upload Vulnerability

TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A file upload vulnerability exists in the keywordImport.php file in TestLink version 1.9.20. A remote attacker can exploit this vulnerability by uploading a file with an...

8.8CVSS7.6AI score0.15858EPSS
Exploits3References1
NVD
NVD
added 2020/04/03 7:15 p.m.15 views

CVE-2020-8638

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter...

9.8CVSS10AI score0.01698EPSS
Exploits1References2
NVD
NVD
added 2020/04/03 7:15 p.m.15 views

CVE-2020-8637

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the nodeid parameter...

9.8CVSS10AI score0.02935EPSS
Exploits1References2
NVD
NVD
added 2020/04/03 7:15 p.m.17 views

CVE-2020-8639

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system...

8.8CVSS8.9AI score0.15858EPSS
Exploits3References3
OSV
OSV
added 2020/04/03 7:15 p.m.20 views

CVE-2020-8637

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the nodeid parameter...

9.8CVSS8.5AI score
Exploits0References2
OSV
OSV
added 2020/04/03 7:15 p.m.22 views

CVE-2020-8639

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system...

8.8CVSS7.8AI score0.15858EPSS
Exploits3References3
OSV
OSV
added 2020/04/03 7:15 p.m.14 views

CVE-2020-8638

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter...

9.8CVSS8.5AI score
Exploits0References2
Prion
Prion
added 2020/04/03 7:15 p.m.19 views

Unrestricted file upload

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system...

6.5CVSS8.9AI score0.15858EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2020/04/03 7:15 p.m.12 views

Sql injection

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the nodeid parameter...

7.5CVSS9.8AI score0.02935EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2020/04/03 7:15 p.m.15 views

Sql injection

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter...

7.5CVSS9.8AI score0.01698EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/04/03 6:36 p.m.21 views

CVE-2020-8639

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system...

8.9AI score0.15858EPSS
Exploits3References3
EUVD
EUVD
added 2020/04/03 6:36 p.m.5 views

EUVD-2020-29487

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system...

8.8CVSS8.8AI score0.15858EPSS
Exploits3References4
CVE
CVE
added 2020/04/03 6:36 p.m.133 views

CVE-2020-8639

CVE-2020-8639 affects TestLink 1.9.20 via an unrestricted file upload in the keywordsImport.php endpoint. According to the sources, an authenticated attacker can upload a file with an executable extension to a publicly accessible directory, enabling arbitrary code execution (e.g., PHP) on the ser...

8.8CVSS8.9AI score0.15858EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2020/04/03 6:36 p.m.106 views

CVE-2020-8638

CVE-2020-8638 applies to TestLink 1.9.20 and is triggered via the urgency parameter in planUrgency.php, enabling SQL injection. Concrete details across connected sources confirm the vulnerable software and the affected parameter, with CVSS data indicating high severity remotely exploitable withou...

9.8CVSS9.9AI score0.01698EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder