CVE-2018-7466

NONE EPSS 92.8%
Published Feb 25, 2018 · Last Modified Jun 17, 2026

Description

install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.

Threat Intelligence

EPSS Exploit Probability
92.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-94: Improper Control of Generation of Code ('Code Injection')

Affected Products 1

Vendor    Product   Version  Range
testlink  testlink  *        ≤1.9.16

References 3

  • github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9696012eecbafb0aa21cc346234512c29b474679
    Patch, Third Party Advisory
  • exploit-db.com https://www.exploit-db.com/exploits/44226/
    Exploit, Third Party Advisory, VDB Entry
  • exploit-db.com https://www.exploit-db.com/exploits/44349/
    Exploit, Third Party Advisory, VDB Entry

Remediation

  • github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9696012eecbafb0aa21cc346234512c29b474679
    Patch, Third Party Advisory