Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Testlink Subscribe
Filtered by product Testlink
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35196 1 Testlink 1 Testlink 2022-09-21 N/A 8.8 HIGH
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
CVE-2022-35194 1 Testlink 1 Testlink 2022-09-21 N/A 5.4 MEDIUM
TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.
CVE-2022-35195 1 Testlink 1 Testlink 2022-09-16 N/A 7.2 HIGH
TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php
CVE-2022-35193 1 Testlink 1 Testlink 2022-09-16 N/A 7.2 HIGH
TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.
CVE-2020-12274 1 Testlink 1 Testlink 2021-07-21 7.5 HIGH 9.8 CRITICAL
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.
CVE-2020-12273 1 Testlink 1 Testlink 2021-07-21 5.0 MEDIUM 7.5 HIGH
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.
CVE-2020-8639 1 Testlink 1 Testlink 2021-02-22 6.5 MEDIUM 8.8 HIGH
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application.
CVE-2020-8638 1 Testlink 1 Testlink 2020-04-06 7.5 HIGH 9.8 CRITICAL
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.
CVE-2020-8637 1 Testlink 1 Testlink 2020-04-06 7.5 HIGH 9.8 CRITICAL
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.
CVE-2019-20107 1 Testlink 1 Testlink 2020-03-06 6.5 MEDIUM 8.8 HIGH
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php. Authentication is often easy to achieve: a guest account, that can execute this attack, can be created by anyone in the default configuration.
CVE-2020-8841 1 Testlink 1 Testlink 2020-02-12 6.5 MEDIUM 8.8 HIGH
An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection.
CVE-2019-20381 1 Testlink 1 Testlink 2020-01-24 4.3 MEDIUM 6.1 MEDIUM
TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491.
CVE-2019-19491 1 Testlink 1 Testlink 2019-12-04 4.3 MEDIUM 6.1 MEDIUM
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.
CVE-2019-14471 1 Testlink 1 Testlink 2019-08-02 4.3 MEDIUM 6.1 MEDIUM
TestLink 1.9.19 has XSS via the error.php message parameter.
CVE-2015-7390 1 Testlink 1 Testlink 2019-03-11 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.
CVE-2018-7466 1 Testlink 1 Testlink 2019-03-05 6.0 MEDIUM 7.5 HIGH
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
CVE-2015-7391 1 Testlink 1 Testlink 2018-10-09 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php.
CVE-2014-8082 1 Testlink 1 Testlink 2018-10-09 5.0 MEDIUM N/A
lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.
CVE-2014-8081 1 Testlink 1 Testlink 2018-10-09 7.5 HIGH N/A
lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter.
CVE-2018-7668 1 Testlink 1 Testlink 2018-03-27 5.0 MEDIUM 7.5 HIGH
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.