Vulnerabilities > Testlink

DATE CVE VULNERABILITY TITLE RISK
2020-04-27 CVE-2020-12274 Improper Input Validation vulnerability in Testlink 1.9.20
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.
network
low complexity
testlink CWE-20
7.5
2020-04-27 CVE-2020-12273 Insufficiently Protected Credentials vulnerability in Testlink 1.9.20
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.
network
low complexity
testlink CWE-522
5.0
2020-04-03 CVE-2020-8639 Unrestricted Upload of File with Dangerous Type vulnerability in Testlink 1.9.20
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
network
low complexity
testlink CWE-434
6.5
2020-04-03 CVE-2020-8638 SQL Injection vulnerability in Testlink 1.9.20
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.
network
low complexity
testlink CWE-89
7.5
2020-04-03 CVE-2020-8637 SQL Injection vulnerability in Testlink 1.9.20
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.
network
low complexity
testlink CWE-89
7.5
2020-03-05 CVE-2019-20107 SQL Injection vulnerability in Testlink
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php.
network
low complexity
testlink CWE-89
6.5
2020-02-10 CVE-2020-8841 SQL Injection vulnerability in Testlink 1.9.19
An issue was discovered in TestLink 1.9.19.
network
low complexity
testlink CWE-89
6.5
2020-01-20 CVE-2019-20381 Cross-site Scripting vulnerability in Testlink
TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter.
network
testlink CWE-79
4.3
2019-12-02 CVE-2019-19491 Cross-site Scripting vulnerability in Testlink 1.9.19
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.
network
testlink CWE-79
4.3
2019-08-01 CVE-2019-14471 Cross-site Scripting vulnerability in Testlink 1.9.19
TestLink 1.9.19 has XSS via the error.php message parameter.
network
testlink CWE-79
4.3