TestLink 1.9.20 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability
TestLink 1.9.20 suffers from an improper neutralization of special elements used in an SQL command (SQL injection) vulnerability.
The information has been provided by Miguel Delgado.
The original article can be found at: https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.