Injection Vulnerability in TestLink's installNewDB.php Allows Remote Attackers to Conduct Injection Attacks

Injection Vulnerability in TestLink's installNewDB.php Allows Remote Attackers to Conduct Injection Attacks

CVE-2018-7466 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.

Learn more about our Web Application Penetration Testing UK.