CVE-2014-5308 - CERT CVE
ID CVE-2014-5308
Sažetak Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.
Reference
CVSS
Base: 9.0
Impact: 10.0
Exploitability:8.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW SINGLE
Impact
PovjerljivostCjelovitostDostupnost
COMPLETE COMPLETE COMPLETE
CVSS vektor AV:N/AC:L/Au:S/C:C/I:C/A:C
Zadnje važnije ažuriranje 09-10-2014 - 12:55
Objavljeno 08-10-2014 - 17:55