PT-2014-2211 · Testlink

Published: 2014-08-14 · Updated: 2017-08-29 · CVE-2012-0938

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: TestLink versions 1.9.3, 1.8.5b, and earlier

Description: Multiple SQL injection vulnerabilities allow remote authenticated users with certain permissions to execute arbitrary SQL commands. The injection points are several parameters in different files: the root_node parameter in a display_children action to getrequirementnodes.php or gettprojectnodes.php in lib/ajax/; the cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the id parameter in an edit action or the plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; and the req_spec_id parameter to reqImport.php or in a create action to reqEdit.php in lib/requirements/.

Recommendations: For TestLink versions 1.9.3, 1.8.5b, and earlier, consider restricting access to the vulnerable parameters (root_node, cfield_id, id, plan_id, and req_spec_id) until a patch is available. As a temporary workaround, limit the permissions of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Type: SQL injection

Weakness Enumeration

Related Identifiers: CVE-2012-0938

Affected Products: Testlink