Testlink: >> Testlink >> 1.9.12 Security Vulnerabilities
TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-08-26
TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-12-30
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php. Authentication is often easy to achieve: a guest account, that can execute this attack, can be created by anyone in the default configuration.
CVSS Score
8.8
EPSS Score
0.018
Published
2020-03-05
TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-01-20
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-03-05
SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-09-26
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-09-26
lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter.
CVSS Score
7.5
EPSS Score
0.032
Published
2014-10-31
lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.
CVSS Score
5.0
EPSS Score
0.007
Published
2014-10-31