ID de Prueba:	1.3.6.1.4.1.25623.1.0.100390
Categoría:	Web application abuses
Título:	TestLink < 1.8.5 Multiple Vulnerabilities
Resumen:	TestLink is prone to multiple SQL injection (SQLi) and; cross-site scripting (XSS) vulnerabilities because it fails to sufficiently sanitize; user-supplied data.
Descripción:	Summary: TestLink is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities because it fails to sufficiently sanitize user-supplied data. Vulnerability Impact: Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Affected Software/OS: TestLink prior to version 1.8.5. Solution: Update to version 1.8.5 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4237 BugTraq ID: 37258 http://www.securityfocus.com/bid/37258 http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities http://osvdb.org/60914 http://osvdb.org/60915 http://osvdb.org/60916 http://osvdb.org/60917 http://osvdb.org/60918 Common Vulnerability Exposure (CVE) ID: CVE-2009-4238 http://osvdb.org/60919 http://osvdb.org/60920
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.