CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-7466

install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.112

EPSS Ranking 93.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 6.0

References

https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9696012eecbafb0aa21cc346234512c29b474679
https://www.exploit-db.com/exploits/44226/
https://www.exploit-db.com/exploits/44349/
https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9696012eecbafb0aa21cc346234512c29b474679
https://www.exploit-db.com/exploits/44226/
https://www.exploit-db.com/exploits/44349/

Products affected by CVE-2018-7466

Testlink » Testlink » Version: Any

cpe:2.3:a:testlink:testlink:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7466

Products

Pricing

Contact Us