CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 3CVE-2014-8082 – TestLink 1.9.12 Path Disclosure
https://notcve.org/view.php?id=CVE-2014-8082
23 Oct 2014 — lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message. lib/functions/database.class.php en TestLink anterior a 1.9.13 permite a atacantes remotos obtener información sensible a través de vectores no especificados, lo que revela la ruta de instalación en un mensaje de error. TestLink versions 1.9.12 and below suffer from a path disclosure weakness. • http://karmainsecurity.com/KIS-2014-12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 14%CPEs: 1EXPL: 8CVE-2014-5308 – TestLink 1.9.11 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2014-5308
01 Oct 2014 — Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php. Múltiples vulnerabilidades de inyección SQL en TestLink 1.9.11 permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro (1) name en una acción de búsquedaen lib/project/projectView.php o (2) id en lib/events/eventinfo.ph... • https://packetstorm.news/files/id/128521 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •