VYPR

Testlink Code

by Testlink

CVEs (4)

  • CVE-2015-7390 | Critical | Sep 26, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.

  • CVE-2018-7668 | High | Mar 5, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.

  • CVE-2018-7466 | High | Feb 25, 2018
    risk 0.04 | cvss 7.5 | epss 0.06

    install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.

  • CVE-2020-8637 | Apr 3, 2020
    risk 0.00 | cvss | epss 0.03

    A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.