Lucene search
K
TeamstTestlink

4 matches found

CVE
CVE
added 2009/12/10 11:0 p.m.65 views

CVE-2009-4238

TestLink prior to 1.8.5 contains multiple SQL injection vulnerabilities that allow remote authenticated users to execute arbitrary SQL commands via inputs such as the Test Case ID field (lib/general/navBar.php) or the logLevel parameter (lib/events/eventviewer.php). The issue stems from insuffici...

6.5CVSS7.9AI score0.01082EPSS
Web
CVE
CVE
added 2009/12/10 11:0 p.m.55 views

CVE-2009-4237

TestLink (before version 1.8.5) is affected by multiple XSS and SQL injection vulnerabilities. The XSS flaws affect inputs across several scripts (e.g., login.php req parameter; lib/general/staticPage.php key; lib/attachments/attachmentupload.php tableName; lib/events/eventviewer.php startDate, e...

3.5CVSS5.3AI score0.03306EPSS
Web
CVE
CVE
added 2012/09/15 5:0 p.m.45 views

CVE-2012-2275

CVE-2012-2275 refers to CSRF vulnerabilities in TestLink 1.9.3 and earlier that allow an attacker to hijack a logged-in user’s session and perform sensitive actions, such as changing the administrator’s email via lib/usermanagement/userInfo.php. The root cause is inadequate request validation for...

6.8CVSS7.2AI score0.02729EPSS
Web
CVE
CVE
added 2008/12/31 11:0 a.m.34 views

CVE-2008-5807

CVE-2008-5807 relates to multiple XSS vulnerabilities in TestLink prior to 1.8 RC1. The issues allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl. Affected software is...

4.3CVSS5.9AI score0.01033EPSS