CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50110
https://notcve.org/view.php?id=CVE-2023-50110
30 Dec 2023 — TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. TestLink hasta 1.9.20 permite hacer malabarismo de tipos para omitir la autenticación porque no se usa ===. • https://github.com/TestLinkOpenSourceTRMS/testlink-code/pull/357 •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0CVE-2019-20107
https://notcve.org/view.php?id=CVE-2019-20107
05 Mar 2020 — Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.... • http://mantis.testlink.org/view.php?id=8829 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20381
https://notcve.org/view.php?id=CVE-2019-20381
20 Jan 2020 — TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491. TestLink versiones anteriores a 1.9.20, permite un ataque de tipo XSS por medio de un javascript sin minúsculas: en el parámetro reqURI del archivo index.php. NOTA: este problema se presenta debido a una corrección incompleta para el CVE-2019-19491. • http://mantis.testlink.org/view.php?id=8808 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10378 – Jenkins testlink Cleartext Storage of Credentials Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-10378
07 Aug 2019 — Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. El Plugin TestLink de Jenkins versión 3.16 y anteriores, almacena las credenciales sin cifrar en su archivo de configuración global en el maestro de Jenkins, donde pueden ser visualizados por los usuarios con acceso al sistema de archivos maestro. This vulnerability allows local attackers to disclose sensitive ... • http://www.openwall.com/lists/oss-security/2019/08/07/1 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000113
https://notcve.org/view.php?id=CVE-2018-1000113
13 Mar 2018 — A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript Existe una vulnerabilidad de Cross-Site Scripting (XSS) en Jel plugin TestLink para Jenkins, en versiones 2.12 y anteriores, en TestLinkBuildAction/summary.jelly y otros que permite que un atacante que pueda controlar, por ejemplo, los nombres de informe de ... • https://jenkins.io/security/advisory/2018-02-26/#SECURITY-731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-7668
https://notcve.org/view.php?id=CVE-2018-7668
05 Mar 2018 — TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php. TestLink, hasta la versión 1.9.16, permite que atacantes remotos lean adjuntos arbitrarios mediante un campo ID modificado en /lib/attachments/attachmentdownload.php. • http://lists.openwall.net/full-disclosure/2018/02/28/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 13%CPEs: 1EXPL: 4CVE-2018-7466 – TestLink Open Source Test Management < 1.9.16 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-7466
25 Feb 2018 — install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value. install/installNewDB.php en TestLink, hasta la versión 1.9.16, permite que atacantes remotos lleven a cabo ataques de inyección aprovechando el control sobre los datos DB LOGIN NAMES durante la instalación para proporcionar un valor largo y manipulado. TestLink Open Source Test Management versions prior t... • https://packetstorm.news/files/id/146634 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7391 – TestLink 1.9.13 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-7391
07 Oct 2015 — Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) ... • https://packetstorm.news/files/id/133891 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7390 – TestLink 1.9.13 SQL Injection
https://notcve.org/view.php?id=CVE-2015-7390
07 Oct 2015 — SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. Una vulnerabilidad de inyección SQL en TestLink en versiones anteriores a la 1.9.14 permite que los atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro apikey a lnl.php. TestLink version 1.9.13 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/133890 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 2CVE-2014-8081 – TestLink 1.9.12 PHP Object Injection
https://notcve.org/view.php?id=CVE-2014-8081
23 Oct 2014 — lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter. lib/execute/execSetResults.php en TestLink anterior a 1.9.13 permite a atacantes remotos realizar ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través del parámetro filter_result_result. TestLink versions 1.9.12 and below suffer from a PHP object injection vulnerability in execSetResults.php. • http://karmainsecurity.com/KIS-2014-11 • CWE-94: Improper Control of Generation of Code ('Code Injection') •