Identifier
|
Related Record |
Severity
|
Date Published
|
Description | Versions Affected |
---|---|---|---|---|---|
CVE-2023-50110 | High | Dec 30, 2023 | TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. |
1.9.20, 1.9.19, 1.9.18, 1.9.17, 1.9.14, 1.9.13, 1.9.12, 1.9.11, 1.9, 1.8.5
|
|
CVE-2022-35196 | BDSA-2022-2626 | High | Sep 20, 2022 | TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php. |
1.9.20
|
CVE-2022-35195 | BDSA-2022-2593 | High | Sep 16, 2022 | TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php |
1.9.20
|
CVE-2022-35194 | BDSA-2022-2596 | Medium | Sep 16, 2022 | TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php. |
1.9.20
|
CVE-2022-35193 | BDSA-2022-2595 | High | Sep 16, 2022 | TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php. |
1.9.20
|
CVE-2020-8639 | BDSA-2020-0656 | High | Apr 03, 2020 | An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a fil more... |
1.9.20
|
CVE-2020-8638 | BDSA-2020-0655 | Critical | Apr 03, 2020 | A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter. |
1.9.20
|
CVE-2020-8637 | BDSA-2020-0657 | Critical | Apr 03, 2020 | A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter. more... |
1.9.20
|
CVE-2020-12274 | BDSA-2020-1021 | Critical | Apr 27, 2020 | In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constra more... |
1.9.20
|
CVE-2020-12273 | BDSA-2020-1022 | High | Apr 27, 2020 | In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. |
1.9.20
|