CVE-2012-2275

TestLink < 1.9.3 - Cross-Site Request Forgery via User Management

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2275. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary This is a working PoC for a CSRF vulnerability in TestLink 1.9.3, allowing an attacker to change an administrator's email by tricking them into clicking a malicious link. The exploit uses a hidden HTML form with JavaScript auto-submission to perform the unauthorized action.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.

Exploits (1)

exploitdb WORKING POC

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/21135

View Code ZIP pw:eip

This is a working PoC for a CSRF vulnerability in TestLink 1.9.3, allowing an attacker to change an administrator's email by tricking them into clicking a malicious link. The exploit uses a hidden HTML form with JavaScript auto-submission to perform the unauthorized action.

Classification

Working Poc 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: TestLink 1.9.3

Auth required

Prerequisites: Victim must be authenticated as an administrator · Victim must visit a malicious link

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/21135

Exploit x_refsource_misc

http://packetstormsecurity.org/files/116275/TestLink-1.9.3-Cross-Site-Request-Forgery.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/78306

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-09/0023.html

Exploit, Patch x_refsource_confirm

http://gitorious.org/testlink-ga/testlink-code/commit/252788c2373e73173172ada9af661e0721599891

Exploit, Patch x_refsource_confirm

http://gitorious.org/testlink-ga/testlink-code/commit/c8751a3c9ad8970b49d1bf882203efacd10af087

Exploit, Patch x_refsource_confirm

http://gitorious.org/testlink-ga/testlink-code/commit/2d4ac941314f8bda80e265c9de8bacf17d1cd3e6

Exploit x_refsource_misc

https://www.htbridge.com/advisory/HTB23088

Scores

EPSS 0.0273

EPSS Percentile 84.1%

Details

CWE

CWE-352

Status published

Products (13)

teamst/testlink 1.7

teamst/testlink 1.7.0

teamst/testlink 1.7.1

teamst/testlink 1.7.2

teamst/testlink 1.7.3

teamst/testlink 1.7.4

teamst/testlink 1.8 (5 CPE variants)

teamst/testlink 1.8.0

teamst/testlink 1.8.1

teamst/testlink 1.8.2

... and 3 more

Published Sep 15, 2012

Tracked Since Feb 18, 2026