Test ID: | 1.3.6.1.4.1.25623.1.0.113670 |
Category: | Web application abuses |
Title: | TestLink <= 1.9.20 Multiple Vulnerabilities |
Summary: | TestLink is prone to multiple vulnerabilities. |
Description: |
Summary: TestLink is prone to multiple vulnerabilities.
Vulnerability Insight: The following vulnerabilities exist:
- SQL injection in dragdroptreenodes.php via the node_id parameter. (CVE-2020-8637)
- SQL injection in planUrgency.php via the urgency parameter. (CVE-2020-8638)
- Arbitrary code execution due to unrestricted file uploads in keywordsImport.php. (CVE-2020-8639)
- A crafted login.php viewer parameter exposes cleartext credentials. (CVE-2020-12273)
- The lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session. (CVE-2020-12274)
Vulnerability Impact: Successful exploitation would allow an attacker to gain complete control over the target system.
Affected Software/OS: TestLink through version 1.9.20.
Solution: The vendor has stated that no new version will be released. Instead, users are advised to install the program from source from the 'testlink_1_9_20_fixed' branch on the vendor's git repository.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-8637
https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/
Common Vulnerability Exposure (CVE) ID: CVE-2020-8638
Common Vulnerability Exposure (CVE) ID: CVE-2020-8639
http://packetstormsecurity.com/files/161401/TestLink-1.9.20-Shell-Upload.html |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |