CyberSec.Space Logo
Back to CVE Browser

CVE-2015-7390

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile0.45th
PublishedSep 26, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.

Affected Platforms (CPE)

📦
Testlink

Testlink

<= 1.9.13

References & Advisories

🔗 http://www.securityfocus.com/archive/1/536623/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/536623/100/0/threaded

Related Vulnerabilities

CVE-2007-600610.0

TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.

CVE-2020-86379.8

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via t...

CVE-2020-86389.8

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urg...

CVE-2020-122749.8

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client inp...