CyberSec.Space Logo
Back to CVE Browser

CVE-2020-8638

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1420%
EPSS Percentile5.21th
PublishedApr 3, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.

Affected Platforms (CPE)

πŸ“¦
Testlink

Testlink

= 1.9.20

References & Advisories

πŸ”— https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/
πŸ”— https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/58f3cc03d5f81cd5cc2ad8c7ba645cc486cebc05
πŸ”— https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/
πŸ”— https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/58f3cc03d5f81cd5cc2ad8c7ba645cc486cebc05

Related Vulnerabilities

CVE-2007-600610.0

TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.

CVE-2020-86379.8

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via t...

CVE-2020-122749.8

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client inp...

CVE-2015-73909.8

SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey par...