Testlink

testlink

27 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (27)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-7390 1Testlink 1Testlink May 13, 2026 Sep 26, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.
CVE-2014-8082 1Testlink 1Testlink May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.
CVE-2014-8081 1Testlink 1Testlink May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter.
CVE-2014-5308 1Testlink 1Testlink May 6, 2026 Oct 8, 2014 N/A· v4 N/A· v3 9.0 HIGH· v2 Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id paramete...Show more Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.Show less
CVE-2012-0939 1Testlink 1Testlink May 6, 2026 Aug 14, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAn...Show more Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some of these details are obtained from third party information.Show less
CVE-2012-0938 1Testlink 1Testlink May 6, 2026 Aug 14, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_childre...Show more Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/; the (3) cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the (4) id parameter in an edit action or (5) plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; or the req_spec_id parameter to (6) reqImport.php or (7) in a create action to reqEdit.php in lib/requirements/. NOTE: some of these details are obtained from third party information.Show less
CVE-2007-6006 1Testlink 1Testlink Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.