CyberSec.Space Logo
CVEブラウザに戻る

CVE-2015-7390

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile0.45th
Published2017年9月26日
Last Modified2026年5月13日

Vulnerability Description

SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.

Affected Platforms (CPE)

📦
Testlink

Testlink

<= 1.9.13

References & Advisories

🔗 http://www.securityfocus.com/archive/1/536623/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/536623/100/0/threaded

関連する脆弱性情報

CVE-2007-600610.0

TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.

CVE-2020-86379.8

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via t...

CVE-2020-86389.8

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urg...

CVE-2020-122749.8

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client inp...