CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-8637

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.084

EPSS Ranking 91.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/
https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/d99bd8277d384f3417e917ce20bef5d061110343
https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/
https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/d99bd8277d384f3417e917ce20bef5d061110343

Products affected by CVE-2020-8637

Testlink » Testlink » Version: 1.9.20

cpe:2.3:a:testlink:testlink:1.9.20

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8637

Products

Pricing

Contact Us