Testlink Code
by Testlink
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7390 | | Cri | 0.64 | 9.8 | 0.02 | | Sep 26, 2017 | SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. |
| CVE-2018-7668 | | Hig | 0.49 | 7.5 | 0.02 | | Mar 5, 2018 | TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php. |
| CVE-2018-7466 | | Hig | 0.04 | 7.5 | 0.06 | | Feb 25, 2018 | install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value. |
| CVE-2020-8637 | | | 0.00 | — | 0.03 | | Apr 3, 2020 | A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter. |