Description
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.
References
- https://nvd.nist.gov/vuln/detail/CVE-2009-4238
- http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html
- http://osvdb.org/60919
- http://osvdb.org/60920
- http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities
- http://www.securityfocus.com/bid/37258
- http://www.teamst.org/index.php?option=com_content&task=view&id=84&Itemid=2
Related vulnerabilities
nvd
about 16 years ago
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.