4 matches found
CVE-2009-4238
TestLink prior to 1.8.5 contains multiple SQL injection vulnerabilities that allow remote authenticated users to execute arbitrary SQL commands via inputs such as the Test Case ID field (lib/general/navBar.php) or the logLevel parameter (lib/events/eventviewer.php). The issue stems from insuffici...
CVE-2009-4237
TestLink (before version 1.8.5) is affected by multiple XSS and SQL injection vulnerabilities. The XSS flaws affect inputs across several scripts (e.g., login.php req parameter; lib/general/staticPage.php key; lib/attachments/attachmentupload.php tableName; lib/events/eventviewer.php startDate, e...
CVE-2012-2275
CVE-2012-2275 refers to CSRF vulnerabilities in TestLink 1.9.3 and earlier that allow an attacker to hijack a logged-in user’s session and perform sensitive actions, such as changing the administrator’s email via lib/usermanagement/userInfo.php. The root cause is inadequate request validation for...
CVE-2008-5807
CVE-2008-5807 relates to multiple XSS vulnerabilities in TestLink prior to 1.8 RC1. The issues allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl. Affected software is...