Description
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.
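Both injection points above are the same defect class (CWE-89): a user-supplied value spliced into a SQL statement instead of being bound as a parameter. The following is an added illustration, not TestLink's code and not the code from the Core Security advisory; the table, column names, the two lookup functions and the payload string are all constructed here to contrast a string-built "Test Case ID" lookup with a validated, parameterised one. It uses only the Python standard library (sqlite3) so it runs offline.

```python
"""CWE-89 illustration for a 'Test Case ID' style lookup (added example).

Not TestLink's code: schema, data, function names and payload are constructed
here to show how string-built SQL lets a crafted ID defeat the project filter,
while type validation plus parameter binding does not.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE testcases (id INTEGER, project_id INTEGER, name TEXT)"
    )
    con.executemany(
        "INSERT INTO testcases VALUES (?, ?, ?)",
        [
            (1, 10, "login-ok"),
            (2, 10, "login-bad-password"),
            (3, 20, "export-report"),  # a project the requesting user should not see
        ],
    )
    return con


def lookup_vulnerable(con: sqlite3.Connection, project_id: int, tc_id: str):
    """Splices the user-controlled tc_id straight into the statement (the bug)."""
    sql = (
        "SELECT id, name FROM testcases "
        f"WHERE project_id = {project_id} AND id = {tc_id}"
    )
    return con.execute(sql).fetchall()


def lookup_hardened(con: sqlite3.Connection, project_id: int, tc_id: str):
    """Validates the ID as an integer, then binds both values as parameters.

    Binding alone already prevents the payload from changing the query shape;
    the explicit int() check additionally makes malformed input fail loudly
    instead of silently returning nothing.
    """
    try:
        tc_num = int(tc_id)
    except ValueError:
        raise ValueError("Test Case ID must be an integer") from None
    sql = "SELECT id, name FROM testcases WHERE project_id = ? AND id = ?"
    return con.execute(sql, (project_id, tc_num)).fetchall()


# Constructed tautology payload: AND binds tighter than OR, so the filter becomes
# (project_id = 10 AND id = 1) OR 1=1, which matches every row in the table.
PAYLOAD = "1 OR 1=1"


if __name__ == "__main__":
    con = make_db()
    print(lookup_vulnerable(con, 10, "1"))      # one row from project 10
    print(lookup_vulnerable(con, 10, PAYLOAD))  # all three rows, project filter defeated
    try:
        lookup_hardened(con, 10, PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
    print(lookup_hardened(con, 10, "1"))
```

The same pattern applies to the logLevel parameter: whatever the column type, the fix is to bind the value and to validate it against the set of values the application actually expects before it reaches the query.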
Exploits (1)
- Exploit-DB 10364 (writeup, verified), by Core Security, webapps / php: https://www.exploit-db.com/exploits/10364
References (6)
- Exploit (x_refsource_misc): http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities
- Exploit, VDB Entry (x_refsource_bid): http://www.securityfocus.com/bid/37258
- Patch, Vendor Advisory, URL Repurposed (x_refsource_confirm): http://www.teamst.org/index.php?option=com_content&task=view&id=84&Itemid=2
- Third Party Advisory, Mailing List (x_refsource_fulldisc): http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html
- Third Party Advisory, VDB Entry (x_refsource_osvdb): http://osvdb.org/60919
- Third Party Advisory, VDB Entry (x_refsource_osvdb): http://osvdb.org/60920
Scores
- EPSS: 0.0039 (percentile 59.9%)
Details
CWE
CWE-89
Status
published
Products (11)
- teamst/testlink 1.7
- teamst/testlink 1.7.1
- teamst/testlink 1.7.2
- teamst/testlink 1.7.3
- teamst/testlink 1.7.4
- teamst/testlink 1.8 (5 CPE variants)
- teamst/testlink 1.8.0
- teamst/testlink 1.8.1
- teamst/testlink 1.8.2
- teamst/testlink 1.8.3
- ... and 1 more
Published
Dec 10, 2009
Tracked Since
Feb 18, 2026