Skip to main content

Testlink CVE-2023-50110

HIGH
2023-12-30 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 30, 2023 - 17:15 nvd
HIGH 7.5

DescriptionNVD

TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used.

AnalysisAI

TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. Affected products include: Testlink. Version information: through 1.9.20.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2012-0938 MEDIUM POC
6.5 Aug 14

Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with cert

CVE-2014-5308 CRITICAL POC
9.0 Oct 08

Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL comm

CVE-2020-8638 CRITICAL POC
9.8 Apr 03

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php v

CVE-2020-8637 CRITICAL POC
9.8 Apr 03

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes

CVE-2022-35196 HIGH POC
8.8 Sep 20

TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php. Rated high se

CVE-2020-8639 HIGH POC
8.8 Apr 03

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute ar

CVE-2020-8841 HIGH POC
8.8 Feb 10

An issue was discovered in TestLink 1.9.19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable,

CVE-2014-8081 HIGH POC
7.5 Oct 31

lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks

CVE-2024-46097 HIGH POC
8.1 Sep 27

TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. Rated high severity (CVSS 8.1

CVE-2020-12273 HIGH POC
7.5 Apr 27

In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. Rated high severity (CVSS 7.5),

CVE-2018-7668 HIGH POC
7.5 Mar 05

TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachment

CVE-2018-7466 HIGH POC
7.5 Feb 25

install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging c

Share

CVE-2023-50110 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy