Sean Cai

8 exploits | Active since Sep 2022
CVE-2022-35193 | WRITEUP | HIGH
TestLink 1.9.20 - SQL Injection via execNavigator.php
TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.
CVSS 7.2
CVE-2022-35194 | WRITEUP | MEDIUM
TestLink 1.9.20 - Stored Cross-Site Scripting via inventoryView.php
TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.
CVSS 5.4
CVE-2022-35195 | WRITEUP | HIGH
TestLink 1.9.20 - Broken Access Control in Attachment Download Endpoint
TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php.
CVSS 7.2
CVE-2022-35196 | WRITEUP | HIGH
TestLink 1.9.20 - Cross-Site Request Forgery via planView.php
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
CVSS 8.8
CVE-2022-35193 | WRITEUP | HIGH
TestLink 1.9.20 - SQL Injection via execNavigator.php
TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.
CVSS 7.2
CVE-2022-35194 | WRITEUP | MEDIUM
TestLink 1.9.20 - Stored Cross-Site Scripting via inventoryView.php
TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.
CVSS 5.4
CVE-2022-35195 | WRITEUP | HIGH
TestLink 1.9.20 - Broken Access Control in Attachment Download Endpoint
TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php.
CVSS 7.2
CVE-2022-35196 | WRITEUP | HIGH
TestLink 1.9.20 - Cross-Site Request Forgery via planView.php
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
CVSS 8.8