
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

07 Oct 2015 — SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. TestLink version 1.9.13 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/133890 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 3% | CPEs: 1 | EXPL: 2

23 Oct 2014 — lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter. TestLink versions 1.9.12 and below suffer from a PHP object injection vulnerability in execSetResults.php. • http://karmainsecurity.com/KIS-2014-11 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 3

23 Oct 2014 — lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message. TestLink versions 1.9.12 and below suffer from a path disclosure weakness. • http://karmainsecurity.com/KIS-2014-12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.0 | EPSS: 14% | CPEs: 1 | EXPL: 8

01 Oct 2014 — Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php. • https://packetstorm.news/files/id/128521 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 | EPSS: 29% | CPEs: 2 | EXPL: 0

14 Aug 2014 — Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/; the (3) cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the (4) id parameter in an edit action or (5) plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; or the req_... • http://archives.neohapsis.com/archives/bugtraq/2012-02/0104.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

14 Aug 2014 — Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some of these details are obtained from third party information. • http://archives.neohapsis.com/archives/bugtraq/2012-02/0104.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

15 Nov 2007 — TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors. • http://osvdb.org/42211 • CWE-287: Improper Authentication