CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-12274

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0180%
EPSS Percentile40.09th
Published2020年4月27日
Last Modified2024年11月21日

Vulnerability Description

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.

Affected Platforms (CPE)

📦
Testlink

Testlink

= 1.9.20

References & Advisories

🔗 http://mantis.testlink.org/view.php?id=8894
🔗 https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/2d17cd00f981f8e8c97de34a12e368ba2a55e3d0
🔗 http://mantis.testlink.org/view.php?id=8894
🔗 https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/2d17cd00f981f8e8c97de34a12e368ba2a55e3d0

相關漏洞威脅

CVE-2007-600610.0

TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.

CVE-2020-86379.8

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via t...

CVE-2020-86389.8

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urg...

CVE-2015-73909.8

SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey par...