Mantis Bugtracker          
testlink.org

View Issue Details

ID: 0007402
Project: TestLink
Category: Security - SQL Injection
View Status: public
Date Submitted: 2016-01-07 17:57
Last Update: 2016-09-08 15:12
Reporter: htbridge
Assigned To: fman
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version:
Fixed in Version: 1.9.15 (2015 Q4)
Summary: 0007402: TestLink Security Vulnerability Notification

Description:
Hello,

High-Tech Bridge Security Research Lab has discovered a security vulnerability in TestLink.

Preview available here: https://www.htbridge.com/advisory/HTB23288

Developers can contact us by email for details: advisory (at) htbridge.com

For any questions related to this notification message - please visit our General Information & Disclosure Policy page: https://www.htbridge.com/advisory/disclosure_policy.html

Best regards,
High-Tech Bridge Security Research Lab

Tags: No tags attached.
Database (MySQL,Postgres,etc): MySQL
Browser:
PHP Version:
TestCaseID:
QA Team - Task Workflow Status: TBD
Attached Files:

Relationships
related to 0007637 (closed, fman): The tree in the left frame remains empty, after applying the security patch of ticket 7402
child of 0007262 (closed, fman): Availables hot-fixes for 1.9.14 & How To get full fixed package from GitHub

Notes
(0024396)
fman (administrator)
2016-01-09 15:19

https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/410dd6a480ddc4eaf7ed8f26b5df98df74837539
(0024397)
fman (administrator)
2016-01-09 15:20

Would you mind retesting & providing feedback?
(0024399)
fman (administrator)
2016-01-09 18:26

also this
https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/c4fa3777ec0ff1ebadcf8331a083b4fd47247f75
(0024416)
htbridge (reporter)
2016-01-15 22:31

We have tested the new code and we confirm that the vulnerability is fixed.
(0024417)
fman (administrator)
2016-01-17 18:33

Great
(0025206)
fman (administrator)
2016-09-08 15:12

1.9.15 Released - 2016-09-08

Issue History
Date Modified Username Field Change
2016-01-07 17:57 htbridge New Issue
2016-01-09 15:19 fman Note Added: 0024396
2016-01-09 15:19 fman QA Team - Task Workflow Status => TBD
2016-01-09 15:20 fman Note Added: 0024397
2016-01-09 15:20 fman Assigned To => fman
2016-01-09 15:20 fman Status new => feedback
2016-01-09 15:21 fman Relationship added child of 0007262
2016-01-09 18:26 fman Note Added: 0024399
2016-01-15 22:31 htbridge Note Added: 0024416
2016-01-15 22:31 htbridge Status feedback => assigned
2016-01-17 18:33 fman Note Added: 0024417
2016-01-17 18:34 fman Status assigned => resolved
2016-01-17 18:34 fman Fixed in Version => 1.9.15 (2015 Q4)
2016-01-17 18:34 fman Resolution open => fixed
2016-08-10 05:51 didi Note Added: 0025115
2016-08-10 10:14 fman Note Added: 0025116
2016-08-10 10:15 fman Note Edited: 0025116
2016-08-10 10:15 fman Note Edited: 0025116
2016-08-10 14:29 fman Relationship added related to 0007637
2016-08-10 14:29 fman Note Deleted: 0025115
2016-08-10 14:29 fman Note Deleted: 0025116
2016-09-08 15:12 fman Note Added: 0025206
2016-09-08 15:12 fman Status resolved => closed
