Vulnerabilities > Testlink > Critical

DATE CVE VULNERABILITY TITLE RISK
2014-10-08 CVE-2014-5308 SQL Injection vulnerability in Testlink 1.9.11
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.
network
low complexity
testlink CWE-89
critical
 9.0
9.0
2007-11-15 CVE-2007-6006 Improper Authentication vulnerability in Testlink
TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
network
low complexity
testlink CWE-287
critical
 10.0
10