漏洞类别:CGI
漏洞等级: 
漏洞信息
TestLink is an open source, web-based test management system that facilitates software quality assurance. It is developed and maintained by Teamtest. The platform offers support for test cases, test suites, test plans, test projects and user management, as well as various reports and statistics.
The vulnerability is caused by insufficient sanitization of the "apikey" parameter, which is passed to the "lnl.php" source file. An unauthenticated, remote attacker can exploit the vulnerability by transmitting malicious HTTP GET requests to inject and execute arbitrary SQL commands in the targeted application's database.
Affected Versions:
TestLink 1.9.14 and prior
漏洞危害
Successful exploitation allows an unauthenticated, remote attacker to manipulate SQL queries by injecting arbitrary SQL code or further exploit latent vulnerabilities in the underlying database.
解决方案
Customers can install TestLink 1.9.15 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论