Vulnerabilities > Testlink > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-30 | CVE-2023-50110 | Unspecified vulnerability in Testlink TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. | 7.5 |
| 2020-04-27 | CVE-2020-12274 | Improper Input Validation vulnerability in Testlink 1.9.20 In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session. | 7.5 |
| 2020-04-03 | CVE-2020-8638 | SQL Injection vulnerability in Testlink 1.9.20 A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter. | 7.5 |
| 2020-04-03 | CVE-2020-8637 | SQL Injection vulnerability in Testlink 1.9.20 A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter. | 7.5 |
| 2017-09-26 | CVE-2015-7390 | SQL Injection vulnerability in Testlink SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. | 7.5 |
| 2014-10-31 | CVE-2014-8081 | Code Injection vulnerability in Testlink lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter. | 7.5 |