CVE-2009-4238
Published: 2009-12-10

CVE-2009-4238: Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID…
Priority: P4 (33) · Severity: medium · CVSS 2.0 base score: 6.5
CVSS 2.0 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploit: EPSS 1.08% (61.0th percentile)
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| teamst | testlink | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 5.9 | MEDIUM | — |
GHSA

GHSA-7cwx-8f2v-v265 · ghsa_unreviewed · 2022-05-02 · CVE-2009-4238 [MEDIUM] · CWE-89

Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.
Red Hat

vendor_redhat · 2013-08-12 · CVSS 5.9 · CVE-2013-4238 [MEDIUM]

python: hostname check bypassing vulnerability in SSL module

Note: this Red Hat entry is indexed against CVE-2013-4238 (a Python SSL issue), not CVE-2009-4238 (TestLink); the two are unrelated.

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Statement: This issue does not affect the version of python as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having moderate security impact; a future update may address this flaw.

Package: python (Red Hat Enterprise Linux 5) - Not affected
Package: python (Red Hat Enterprise Linux 7) - Not affected
No detection rules found.
No writeups or analysis indexed.
References

- http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0221.html
- http://osvdb.org/60919
- http://osvdb.org/60920
- http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities
- http://www.securityfocus.com/bid/37258
- http://www.teamst.org/index.php?option=com_content&task=view&id=84&Itemid=2