Vulnerabilities > Testlink > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-04-27 CVE-2020-12274 Unspecified vulnerability in Testlink 1.9.20
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.
network
low complexity
testlink
critical
 9.8
9.8
2020-04-03 CVE-2020-8638 SQL Injection vulnerability in Testlink 1.9.20
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.
network
low complexity
testlink CWE-89
critical
 9.8
9.8
2020-04-03 CVE-2020-8637 SQL Injection vulnerability in Testlink 1.9.20
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.
network
low complexity
testlink CWE-89
critical
 9.8
9.8
2017-09-26 CVE-2015-7390 SQL Injection vulnerability in Testlink
SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.
network
low complexity
testlink CWE-89
critical
 9.8
9.8