Ver007

**Name of the Vulnerable Software and Affected Versions** TestLink version 1.9.19 **Description** An issue was discovered that allows for authenticated SQL Injection through the `relation type` parameter of the "lib/requirements/reqSearch.php" endpoint. **Recommendations** For TestLink version 1.9.19, avoid using the `relation type` parameter in the "lib/requirements/reqSearch.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation.