9 matches found
CVE-2024-46097
TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplanid parameter to another ID. The application does not carry out a...
CVE-2024-46097
TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplanid parameter to another ID. The application does not carry out a...
CVE-2024-46097
TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplanid parameter to another ID. The application does not carry out a...
PT-2024-31908 · Testlink · Testlink
Name of the Vulnerable Software and Affected Versions: TestLink version 1.9.20 Description: The issue is related to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function, it is...
CVE-2024-46097
TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplanid parameter to another ID. The application does not carry out a...
CVE-2024-46097
TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplanid parameter to another ID. The application does not carry out a...
CVE-2024-46097
Summary: CVE-2024-46097 affects TestLink 1.9.20 with an Incorrect Access Control in the TestPlan editing section. The flaw allows changing the tplan_id via edit operations due to missing permission checks, enabling recovery and modification of TestPlan IDs (including administrative ones) with min...
CVE-2008-5807
Multiple cross-site scripting XSS vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via 1 Testproject Names and 2 Testplan Names in planEdit.php, and possibly 3 Testcaseprefixes in projectview.tpl...
CVE-2008-5807
Multiple cross-site scripting XSS vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via 1 Testproject Names and 2 Testplan Names in planEdit.php, and possibly 3 Testcaseprefixes in projectview.tpl...