CVE-2012-0938

TestLink <1.9.3, 1.8.5b - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0938. PoCs published by bcoles, including Metasploit module exploits/multi/http/testlink_upload_exec.

AI-analyzed exploit summary This Metasploit module exploits an arbitrary file upload vulnerability in TestLink v1.9.3, allowing authenticated users to upload PHP payloads and achieve remote code execution. It includes steps for user registration, authentication, file upload, and payload execution.

Description

Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/; the (3) cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the (4) id parameter in an edit action or (5) plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; or the req_spec_id parameter to (6) reqImport.php or (7) in a create action to reqEdit.php in lib/requirements/. NOTE: some of these details are obtained from third party information.

Exploits (1)

metasploit WORKING POC EXCELLENT

by bcoles · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/testlink_upload_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits an arbitrary file upload vulnerability in TestLink v1.9.3, allowing authenticated users to upload PHP payloads and achieve remote code execution. It includes steps for user registration, authentication, file upload, and payload execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: TestLink v1.9.3

Auth required

Prerequisites: Network access to the target · TestLink v1.9.3 or prior · Valid credentials or ability to register a user

MITRE ATT&CK