Описание
Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some of these details are obtained from third party information.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2012-0939
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73389
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0104.html
- http://osvdb.org/79447
- http://osvdb.org/79448
- http://osvdb.org/79449
- http://secunia.com/advisories/48054
- http://www.securityfocus.com/bid/52086
Связанные уязвимости
Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some of these details are obtained from third party information.