CyberSec.Space Logo
Back to CVE Browser

CVE-2020-12274

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0180%
EPSS Percentile40.09th
PublishedApr 27, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.

Affected Platforms (CPE)

πŸ“¦
Testlink

Testlink

= 1.9.20

References & Advisories

πŸ”— http://mantis.testlink.org/view.php?id=8894
πŸ”— https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/2d17cd00f981f8e8c97de34a12e368ba2a55e3d0
πŸ”— http://mantis.testlink.org/view.php?id=8894
πŸ”— https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/2d17cd00f981f8e8c97de34a12e368ba2a55e3d0

Related Vulnerabilities

CVE-2007-600610.0

TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.

CVE-2020-86379.8

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via t...

CVE-2020-86389.8

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urg...

CVE-2015-73909.8

SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey par...