漏洞类别:CGI
漏洞等级: 
漏洞信息
TestLink is an open source, web-based test management system that facilitates software quality assurance. The platform offers support for test cases, test suites, test plans, test projects and user management, as well as various reports and statistics.
TestLink contains the following vulnerabilities:
CVE-2014-8081: lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter.
CVE-2014-8082: lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.
Affected Versions:
TestLink prior to 1.9.13
漏洞危害
Depending on the vulnerability being exploited, a remote attacker could conduct PHP object injection attacks and execute arbitrary PHP code or obtain sensitive information on a targeted system.
解决方案
Customers can install TestLink 1.9.13 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论