Test ID:	1.3.6.1.4.1.25623.1.0.100390
Category:	Web application abuses
Title:	TestLink < 1.8.5 Multiple Vulnerabilities
Summary:	TestLink is prone to multiple SQL injection (SQLi) and; cross-site scripting (XSS) vulnerabilities because it fails to sufficiently sanitize; user-supplied data.
Description:	Summary: TestLink is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities because it fails to sufficiently sanitize user-supplied data. Vulnerability Impact: Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Affected Software/OS: TestLink prior to version 1.8.5. Solution: Update to version 1.8.5 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4237 BugTraq ID: 37258 http://www.securityfocus.com/bid/37258 http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities http://osvdb.org/60914 http://osvdb.org/60915 http://osvdb.org/60916 http://osvdb.org/60917 http://osvdb.org/60918 Common Vulnerability Exposure (CVE) ID: CVE-2009-4238 http://osvdb.org/60919 http://osvdb.org/60920
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.