CVE-2014-8082

Published: Oct 31, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.

Affected (1)

Products: Testlink: Testlink

Testlink

1 product

Testlink

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Testlink Testlink	Up to 1.9.12

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (16)

http://karmainsecurity.com/KIS-2014-12

Source: cve@mitre.org

ExploitPatch

http://mantis.testlink.org/view.php?id=6651

Source: cve@mitre.org

Vendor Advisory

http://packetstormsecurity.com/files/128824/TestLink-1.9.12-Path-Disclosure.html

Source: cve@mitre.org

ExploitPatch

http://seclists.org/fulldisclosure/2014/Oct/106

Source: cve@mitre.org

ExploitPatch

http://www.securityfocus.com/archive/1/533799/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/70713

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/97728

Source: cve@mitre.org

https://gitorious.org/testlink-ga/testlink-code/commit/c943e7a397f03e1f60b096c7e6eb94fdefd8a569

Source: cve@mitre.org

http://karmainsecurity.com/KIS-2014-12