CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-8841

An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://github.com/TestLinkOpenSourceTRMS/testlink-code/pull/239
https://github.com/ver007/testlink-1.9.19-sqlinject
https://github.com/TestLinkOpenSourceTRMS/testlink-code/pull/239
https://github.com/ver007/testlink-1.9.19-sqlinject

Products affected by CVE-2020-8841

Testlink » Testlink » Version: 1.9.19

cpe:2.3:a:testlink:testlink:1.9.19

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8841

Products

Pricing

Contact Us