CVE-2019-20107
Severity: HIGH · EPSS 77.9%
CVSS 3.1 base score: 8.8
Published Mar 5, 2020 · Last modified Jun 17, 2026
Description
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allow remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php; the (3) requirement_id parameter to reqCompareVersions.php; the (4) build_id parameter to planUpdateTC.php; the (5) tplan_id parameter to newest_tcversions.php; the (6) tplan_id parameter to tcCreatedPerUserGUI.php; the (7) tcase_id parameter to tcAssign2Tplan.php; or the (8) testcase_id parameter to tcCompareVersions.php. Authentication is often easy to achieve: in the default configuration, anyone can create a guest account, and a guest account is sufficient to carry out this attack.
CVSS Details
- Base Score: 8.8 (CVSS 3.1)
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Threat Intelligence
- EPSS exploit probability: 77.9% percentile
Exploit & Patch Status
- No Known Exploit
- Patch Available
Weaknesses (1)
- CWE-89 SQL Injection (category: Injection)
Affected Products (1)
| Vendor | Product | Version | Range |
|---|---|---|---|
| testlink | testlink | * | ≤1.9.19 |
References (9)
- mantis.testlink.org http://mantis.testlink.org/view.php?id=8829
- mantis.testlink.org http://mantis.testlink.org/view.php?id=8829#c29360
- github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/146b4f38010a48c36b7d9650060ca354c92ab4ac
- github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/7647a7b53ceab31524cfcfb3beb8435af0a30fc1
- github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/942c406fcee5d376235a264cb8a79300a0002d20
- github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/bcf7b971b5c88ea08d2dc47685f319be3b02cea8
- github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/d27690c6cb7708a6db0701b6428381d32d51495a
- github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/e2d88c9d7f8e02640ba65e5ff74b55d0399a53d0
- twitter.com https://twitter.com/TLOpenSource/status/1212394020946751489
Remediation
- github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/146b4f38010a48c36b7d9650060ca354c92ab4ac
- github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/7647a7b53ceab31524cfcfb3beb8435af0a30fc1
- github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/942c406fcee5d376235a264cb8a79300a0002d20
- github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/bcf7b971b5c88ea08d2dc47685f319be3b02cea8
- github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/d27690c6cb7708a6db0701b6428381d32d51495a
- github.com https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/e2d88c9d7f8e02640ba65e5ff74b55d0399a53d0