cvedb.io
CVE-2024-46097
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2024-09-27T18:15:05.687 · Last modified 2026-06-17T07:55:11.287

Summary

TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function, the tplan_id parameter can be changed to another ID. The application does not check the user's permissions on the requested TestPlan, making it possible to recover the IDs of all TestPlans (even the administrative ones) and modify them even with minimal privileges.

Affected products

testlink — testlink

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.