VYPR
Vendor: Testlink

Products: 2
CVEs: 31
Across products: 35
Status: Private


Recent CVEs (31)
  • CVE-2015-7390 · Critical · Sep 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.

  • CVE-2018-7668 · High · Mar 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.

  • CVE-2015-7391 · Medium · Sep 26, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType…

  • CVE-2020-8639 · Apr 3, 2020
    risk 0.04 · cvss · epss 0.16

    An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute…

  • CVE-2018-7466 · High · Feb 25, 2018
    risk 0.04 · cvss 7.5 · epss 0.06

    install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.

  • CVE-2014-5308 · Oct 8, 2014
    risk 0.03 · cvss · epss 0.04

    Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.

  • CVE-2012-0938 · Aug 14, 2014
    risk 0.03 · cvss · epss 0.06

    Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2)…

  • CVE-2009-4238 · Dec 10, 2009
    risk 0.03 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.

  • CVE-2009-4237 · Dec 10, 2009
    risk 0.03 · cvss · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key…

  • CVE-2024-46097 · Sep 27, 2024
    risk 0.00 · cvss · epss 0.00

    TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another ID. The application…

  • CVE-2024-42906 · Aug 26, 2024
    risk 0.00 · cvss · epss 0.00

    TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name.

  • CVE-2023-50110 · Dec 30, 2023
    risk 0.00 · cvss · epss 0.01

    TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used.

  • CVE-2022-35196 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.00

    TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.

  • CVE-2022-35194 · Sep 16, 2022
    risk 0.00 · cvss · epss 0.01

    TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.

  • CVE-2022-35193 · Sep 16, 2022
    risk 0.00 · cvss · epss 0.01

    TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.

  • CVE-2022-35195 · Sep 16, 2022
    risk 0.00 · cvss · epss 0.01

    TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php.

  • CVE-2020-12273 · Apr 27, 2020
    risk 0.00 · cvss · epss 0.01

    In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.

  • CVE-2020-12274 · Apr 27, 2020
    risk 0.00 · cvss · epss 0.01

    In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.

  • CVE-2020-8638 · Apr 3, 2020
    risk 0.00 · cvss · epss 0.02

    A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.

  • CVE-2020-8637 · Apr 3, 2020
    risk 0.00 · cvss · epss 0.03

    A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.