CyberSec.Space Logo
Back to CVE Browser

CVE-2020-8637

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1150%
EPSS Percentile39.75th
PublishedApr 3, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.

Affected Platforms (CPE)

πŸ“¦
Testlink

Testlink

= 1.9.20

References & Advisories

πŸ”— https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/
πŸ”— https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/d99bd8277d384f3417e917ce20bef5d061110343
πŸ”— https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/
πŸ”— https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/d99bd8277d384f3417e917ce20bef5d061110343

Related Vulnerabilities

CVE-2007-600610.0

TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.

CVE-2020-86389.8

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urg...

CVE-2020-122749.8

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client inp...

CVE-2015-73909.8

SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey par...