Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TestLink SQL注入漏洞
Vulnerability Description
Testlink是TestLink团队开发的一套基于PHP的开源测试管理工具。该工具提供测试需求管理、测试用例管理和测试数据统计等功能。 TestLink 1.9.3和1.8.5b版本中存在SQL注入漏洞,该漏洞源于requirements/ URL下的reqSpecAnalyse.php、reqSpecPrint.php或reqSpecView.php没有充分过滤‘req_spec_id’参数。远程攻击者可利用该漏洞以Requirement视图权限利用该漏洞执行任意SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A