Vulnerability Details : CVE-2014-8081
Potential exploit
lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter.
Products affected by CVE-2014-8081
- cpe:2.3:a:testlink:testlink:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8081
3.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8081
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-8081
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8081
-
http://karmainsecurity.com/KIS-2014-11
TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability | Karma(In)SecurityExploit;Patch
-
http://www.securityfocus.com/archive/1/533798/100/0/threaded
SecurityFocus
-
http://www.securityfocus.com/bid/70711
TestLink 'execSetResults.php' PHP Object Injection Vulnerability
-
http://mantis.testlink.org/view.php?id=6651
0006651: PHP Object Injection Vulnerability In /lib/execute/execSetResults.php - MantisBTVendor Advisory
-
https://gitorious.org/testlink-ga/testlink-code/commit/a519da3a45d80077e4eab957eb793b03652f57dc
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/97727
TestLink execSetResults.php code execution CVE-2014-8081 Vulnerability Report
-
http://seclists.org/fulldisclosure/2014/Oct/105
Full Disclosure: [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection VulnerabilityExploit;Patch
Jump to