CVE Tools

testlink

DevTools & CIoss-project

11

Cumulative CVEs

4

Monthly snapshots

#72

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting testlink.

CVE-2024-46097TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit...8.1Sep 27, 2024
CVE-2024-42906TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name.6.1Aug 26, 2024
CVE-2023-50110TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used.7.5Dec 30, 2023
CVE-2022-35196TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.8.8Sep 20, 2022
CVE-2022-35194TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.5.4Sep 16, 2022
CVE-2022-35193TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.7.2Sep 16, 2022
CVE-2022-35195TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php7.2Sep 16, 2022
CVE-2020-12273In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.7.5Apr 27, 2020
CVE-2020-12274In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web...9.8Apr 27, 2020
CVE-2020-8639An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an...8.8Apr 3, 2020
CVE-2020-8638A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.9.8Apr 3, 2020
CVE-2020-8637A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.9.8Apr 3, 2020
CVE-2019-20107Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) ...8.8Mar 5, 2020
CVE-2020-8841An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection.8.8Feb 10, 2020
CVE-2019-20381TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491.6.1Jan 20, 2020