TestLink 1.9.20 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability

Summary

TestLink 1.9.20 is affected by an SQL injection vulnerability (improper neutralization of special elements used in an SQL command).

Credit:

The information has been provided by Miguel Delgado.

The original article can be found at: https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/


Details

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.

Vulnerable Systems:

TestLink 1.9.20

CVE Information:

CVE-2020-8638

Disclosure Timeline:

Published Date: 4/3/2020
