Vulnerabilities (CVE)

Filtered by vendor Testlink Subscribe

Filtered by product Testlink

Total 26 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-20107	1 Testlink	1 Testlink	2024-11-21	6.5 MEDIUM	8.8 HIGH
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php. Authentication is often easy to achieve: a guest account, that can execute this attack, can be created by anyone in the default configuration.
CVE-2019-19491	1 Testlink	1 Testlink	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.
CVE-2019-14471	1 Testlink	1 Testlink	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
TestLink 1.9.19 has XSS via the error.php message parameter.
CVE-2018-7668	1 Testlink	1 Testlink	2024-11-21	5.0 MEDIUM	7.5 HIGH
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.
CVE-2018-7466	1 Testlink	1 Testlink	2024-11-21	6.0 MEDIUM	7.5 HIGH
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
CVE-2024-42906	1 Testlink	1 Testlink	2024-09-05	N/A	6.1 MEDIUM
TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name.