CVE-2014-5308

TestLink 1.9.11 - Authenticated SQL Injection via Name or ID Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5308. PoCs published by Portcullis.

AI-analyzed exploit summary: The document describes two SQL injection vulnerabilities in TestLink 1.9.11, affecting authenticated users. It provides HTTP request examples for exploiting the vulnerabilities but does not include executable exploit code.

Description

Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.

Exploits (1)

Exploit-DB writeup (verified)
by Portcullis · text · webapps · php
https://www.exploit-db.com/exploits/34863


Classification
Classification: Writeup (90% confidence)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: TestLink 1.9.11
Auth required
Prerequisites: Authenticated user access · Network access to the target application
Analyzed by devstral-2 on Feb 16, 2026

References (8)

Third Party Advisory, VDB Entry (BID): http://www.securityfocus.com/bid/70207
Exploit, mailing list (Full Disclosure): http://seclists.org/fulldisclosure/2014/Oct/13
Third Party Advisory, VDB Entry (OSVDB): http://osvdb.org/show/osvdb/112524
Exploit (Exploit-DB): http://www.exploit-db.com/exploits/34863
Exploit, mailing list (Full Disclosure): http://seclists.org/fulldisclosure/2014/Oct/11

Scores

EPSS 0.0352
EPSS Percentile 87.7%

Details

CWE
CWE-89
Status published
Products (1)
testlink/testlink 1.9.11
Published Oct 08, 2014
Tracked Since Feb 18, 2026