TestLink 1.9.14 SQL Injection Vulnerability

ID 1337DAY-ID-24980
Type zdt
Reporter High-Tech Bridge
Modified 2016-02-19T00:00:00


TestLink version 1.9.14 suffers from a remote SQL injection vulnerability.

                                            Product: TestLink
Vendor: TestLink Development Team
Vulnerable Version(s): 1.9.14 and probably prior
Tested Version: 1.9.14
Advisory Publication:  January 7, 2016  [without technical details]
Vendor Notification: January 7, 2016 
Vendor Patch: January 9, 2016 
Public Disclosure: February 17, 2016 
Vulnerability Type: SQL Injection [CWE-89]
Risk Level: High 
CVSSv3 Base Score: 7.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L]
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 


Advisory Details:

High-Tech Bridge Security Research Lab discovered high-risk SQL injection vulnerability in TestLink Open Source Test Management. The vulnerability can be exploited to alter the present SQL query and gain access to potentially sensitive information or even to completely compromise the vulnerable web application.

The vulnerability is caused by insufficient filtration of "apikey" HTTP GET parameter, passed to "lnl.php" PHP script. A remote unauthenticated attacker can inject and execute arbitrary SQL commands in application's database.

A simple exploit code below will display version of used MySQL server:




Update to TestLink 1.9.15

More Information:

#  0day.today [2016-04-20]  #