Testlink@* Security Vulnerabilities and Issues — Testlink@* CVE List

Lucene search

TestlinkTestlink*

11 matches found

CVE•added 2020/01/20 6:15 a.m.•88 views

CVE-2019-20381

TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491.

6.1CVSS6.1AI score0.00419EPSS

CVE•added 2018/02/25 7:29 a.m.•51 views

CVE-2018-7466

install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.

7.5CVSS7.4AI score0.10683EPSS

Web

CVE•added 2014/10/31 2:55 p.m.•48 views

CVE-2014-8081

lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter.

7.5CVSS8AI score0.03228EPSS

Web

CVE•added 2017/09/26 3:29 p.m.•44 views

CVE-2015-7390

SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.

9.8CVSS9.9AI score0.004EPSS

Web

CVE•added 2017/09/26 3:29 p.m.•44 views

CVE-2015-7391

Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/tes...

6.1CVSS6AI score0.00215EPSS

Web

CVE•added 2024/08/26 8:15 p.m.•44 views

CVE-2024-42906

TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name.

6.1CVSS5.2AI score0.00092EPSS

CVE•added 2014/10/31 2:55 p.m.•39 views

CVE-2014-8082

lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.

5CVSS6.3AI score0.00656EPSS

Web

CVE•added 2018/03/05 7:29 a.m.•39 views

CVE-2018-7668

TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.

7.5CVSS7.4AI score0.00333EPSS

Web

CVE•added 2020/03/05 1:15 p.m.•36 views

CVE-2019-20107

Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVe...

8.8CVSS9.1AI score0.01782EPSS

CVE•added 2007/11/15 10:46 p.m.•34 views

CVE-2007-6006

TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.

10CVSS6.7AI score0.00291EPSS

CVE•added 2023/12/30 5:15 p.m.•33 views

CVE-2023-50110

TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used.

7.5CVSS7.8AI score0.0034EPSS