TestLink Cross Site Scripting And SQL Injection Vulnerabilities Network Vulnerability

Summary

TestLink is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user- supplied data. Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to TestLink 1.8.5 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities
http://www.securityfocus.com/bid/37258
http://www.teamst.org/
http://www.teamst.org/index.php?option=com_content&task=view&id=84&Itemid=2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4237, CVE-2009-4238

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

/cgi-bin directory browsable ?
Apache Open For Business HTML injection vulnerability
Apache Archiva Home Page Cross-Site Scripting vulnerability
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
Apache Archiva Multiple Vulnerabilities

TestLink Cross Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities