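Vulnerability Details
Teamst TestLink Multiple SQL Injection Vulnerabilities
- CNNVD ID: CNNVD-200912-155
- Severity: High
- CVE ID: CVE-2009-4238
- Vulnerability type: SQL injection
- Published: 2009-12-10
- Threat type: Remote
- Updated: 2009-12-11
- Vendor: teamst
- Vulnerability source: Pablo Annetta from...
Vulnerability Summary
TestLink contains multiple SQL injection vulnerabilities. A remote authenticated user can execute arbitrary SQL commands via (1) the Test Case ID field of lib/general/navBar.php or (2) the logLevel parameter of lib/events/eventviewer.php.
Vulnerability Announcement
The vendor has released an upgrade patch that fixes this security issue. Patch download links: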
TestLink TestLink 0
TestLink testlink_1.8.5.zip
http://sourceforge.net/projects/testlink/files/TestLink%201.8/TestLink %201.8.5/testlink_1.8.5.zip/download
TestLink TestLink 1.8 RC1
TestLink testlink_1.8.5.zip
http://sourceforge.net/projects/testlink/files/TestLink%201.8/TestLink %201.8.5/testlink_1.8.5.zip/download
TestLink TestLink 1.7
TestLink testlink_1.8.5.zip
http://sourceforge.net/projects/testlink/files/TestLink%201.8/TestLink %201.8.5/testlink_1.8.5.zip/download
TestLink TestLink 1.7.1
TestLink testlink_1.8.5.zip
http://sourceforge.net/projects/testlink/files/TestLink%201.8/TestLink %201.8.5/testlink_1.8.5.zip/download
TestLink TestLink 1.7.4
TestLink testlink_1.8.5.zip
http://sourceforge.net/projects/testlink/files/TestLink%201.8/TestLink %201.8.5/testlink_1.8.5.zip/download
TestLink TestLink 1.8
TestLink testlink_1.8.5.zip
http://sourceforge.net/projects/testlink/files/TestLink%201.8/TestLink %201.8.5/testlink_1.8.5.zip/download
TestLink TestLink 1.8.1
TestLink testlink_1.8.5.zip
http://sourceforge.net/projects/testlink/files/TestLink%201.8/TestLink %201.8.5/testlink_1.8.5.zip/download
TestLink TestLink 1.8.2
TestLink testlink_1.8.5.zip
http://sourceforge.net/projects/testlink/files/TestLink%201.8/TestLink %201.8.5/testlink_1.8.5.zip/download
TestLink TestLink 1.8.3
TestLink testlink_1.8.5.zip
http://sourceforge.net/projects/testlink/files/TestLink%201.8/TestLink %201.8.5/testlink_1.8.5.zip/download
TestLink TestLink 1.8.4
TestLink testlink_1.8.5.zip
http://sourceforge.net/projects/testlink/files/TestLink%201.8/TestLink %201.8.5/testlink_1.8.5.zip/download
References
Source: www.teamst.org
Link: http://www.teamst.org/index.php?option=com_content&task=view&id=84&Itemid=2
Source: BID
Name: 37258
Link: http://www.securityfocus.com/bid/37258
Source: MISC
Link: http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities
Source: OSVDB
Name: 60920
Link: http://osvdb.org/60920
Source: OSVDB
Name: 60919
Link: http://osvdb.org/60919
Source: FULLDISC
Name: 20091209 CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System
Link: http://archives.neohapsis.com/archives/fulldisclosure/current/0221.HTML
Affected Entities
- Teamst Testlink:1.8:Beta2
- Teamst Testlink:1.8:Beta3
- Teamst Testlink:1.7.4
- Teamst Testlink:1.8:Beta1
- Teamst Testlink:1.8.3
Patch
None available